b'      Department of Homeland Security\n\n\n\n\n\n            Implementation and Coordination\n              of TSA\xe2\x80\x99s Secure Flight Program\n\n                      (Redacted)\n\n\n\n\nOIG-12-94                                      July 2012\n\n\x0c                                         OFFICE OF INSPECTOR GENERAL\n                                              Department of Homeland Security\n\n\n   Table of Contents\n   Executive Summary............................................................................................................. 1 \n\n\n   Background ........................................................................................................................ 2 \n\n\n   Results of Review .............................................................................................................. 20 \n\n\n              Secure Flight Relies on Passenger- and Aircraft Operator-Submitted Data and\n                Aircraft Operator Compliance To Conduct Watch List Matching...................... 21\n\n              Recommendations ............................................................................................... 27 \n\n              Management Comments and OIG Analysis ......................................................... 28 \n\n              Recommendation ................................................................................................. 35 \n\n              Management Comments and OIG Analysis ......................................................... 35 \n\n\n              Secure Flight Relies on the Availability of the DHS Router, But Some Disruptions\n                Occur\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6..\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa636\n\n              Secure Flight Has Full Site Redundancy and Conducts System Testing To Ensure\n\n                Availability\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6.\xe2\x80\xa6.\xe2\x80\xa6.. 39\n\n\n              Secure Flight Has Developed Safeguards To Protect Personal Data and Watch List\n\n                Records\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6..\xe2\x80\xa6\xe2\x80\xa6. 41\n\n\n              Secure Flight Should Prioritize Its Mission, While Developing and Implementing\n                Initiatives\xe2\x80\xa6................................................................................................. ....... 43 \n\n              Recommendation\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6..\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6...48\n\n              Management Comments and OIG Analysis\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6.\xe2\x80\xa6\xe2\x80\xa6\xe2\x80\xa6 48\n\n\n              Conclusion............................................................................................................. 50\n\n\n\n\n\nwww.oig.dhs.gov                                                                                                                 OIG-12-94\n\x0c                               OFFICE OF INSPECTOR GENERAL\n                                   Department of Homeland Security\n\n\n   Appendixes\n           Appendix A:   Objectives, Scope, and Methodology ............................................ 51\n           Appendix B:   Recommendations......................................................................... 53\n           Appendix C:   Management Comments to the Draft Report ............................... 54\n           Appendix D:   Secure Flight Passenger Prescreening Process.............................. 59\n           Appendix E:   Major Contributors to This Report ................................................ 60\n           Appendix F:   Report Distribution ........................................................................ 61\n\n   Abbreviations\n           AIM            Airline Implementation Manager\n           BPPR           boarding pass printing result\n           CBP            U.S. Customs and Border Protection\n           CSA            Customer Service Agent\n           DHS            Department of Homeland Security\n           FAA            Federal Aviation Administration\n           FBI            Federal Bureau of Investigation\n           NCTC           National Counterterrorism Center\n           OI             Office of Intelligence\n           OIG            Office of Inspector General\n           OIT            Office of Information and Technology\n           SFA            Secure Flight Analyst\n           SFPD           Secure Flight Passenger Data\n           SOC            Secure Flight Operations Center\n           TIDE           Terrorist Identities Datamart Environment\n           TRIP           Traveler Redress Inquiry Program\n           TSA            Transportation Security Administration\n           TSC            Terrorist Screening Center\n           TSDB           Terrorist Screening Database\n           TTAC           Transportation Threat Assessment and Credentialing\n           VID            verifying identity document\n           WLS            Watch List Service\n\n\n\nwww.oig.dhs.gov                                                                                                 OIG-12-94\n\x0c                             OFFICE OF INSPECTOR GENERAL\n                                 Department of Homeland Security\n\n\n   Executive Summary\n   The Transportation Security Administration (TSA) is responsible for securing all modes of\n   transportation, while also ensuring the freedom of movement for people and\n   commerce. Through the Secure Flight program, TSA assumed from commercial aircraft\n   operators the performance of passenger watch list matching for all covered flights into,\n   out of, within, and over the United States. Aircraft operators are required to submit\n   passenger data to Secure Flight prior to flight departure for advanced passenger\n   prescreening.\n\n   We reviewed the Secure Flight program to determine whether it is screening all\n   appropriate persons and whether the processes for aircraft operators to submit\n   passenger data and receive boarding pass instructions are timely and effective. We also\n   reviewed how the program\xe2\x80\x99s screening processes are tested for accuracy, prioritization,\n   and timeliness, as well as how it is protecting personally identifiable and sensitive watch\n   list information.\n\n   Government and private sector partners recognize the Secure Flight program\xe2\x80\x99s value, as\n   it has provided more consistent passenger prescreening.\n\n                                                           it has a defined system and\n\n   processes to conduct watch list matching. To ensure that aircraft operators follow\n   established procedures, Secure Flight monitors records and uses its discretion to\n   forward issues for compliance investigation. Once Secure Flight assumed advanced\n   passenger prescreening from aircraft operators, program focus shifted toward\n   addressing emerging threats through multiple initiatives. We are making four\n   recommendations to identify and eliminate system overrides, prioritize passenger data,\n   standardize compliance, and improve communication and collaboration with partners.\n   TSA concurred with Recommendations 1 and 3 and did not concur with\n   Recommendations 2 and 4.\n\n\n\n\nwww.oig.dhs.gov                                 1                                       OIG-12-94\n\x0c                                   OFFICE OF INSPECTOR GENERAL\n                                       Department of Homeland Security\n\n\n   Background\n   Following the terrorist attacks of September 11, 2001, the U.S. Government needed to\n   strengthen the security of the Nation\xe2\x80\x99s transportation systems, while also ensuring\n   freedom of movement for people and commerce. The Aviation and Transportation\n   Security Act of 2001 established TSA, within the Department of Transportation, and\n   tasked it with securing all modes of transportation, including commercial aviation. 1 As a\n   result of the Homeland Security Act of 2002, in March 2003, TSA was transferred to the\n   Department of Homeland Security (DHS) to unify the Nation\xe2\x80\x99s response to threats to the\n   homeland.2\n\n   TSA issued security directives requiring commercial aircraft operators to perform\n   passenger prescreening using the U.S. Government\xe2\x80\x99s consolidated terrorist watch list,\n   known as the Terrorist Screening Database (TSDB), and matching passenger data against\n   its No Fly and Selectee Lists. The No Fly List identifies individuals who are prohibited\n   from boarding an aircraft or accessing the sterile area of a U.S. airport, while the\n   Selectee List identifies individuals who are to receive additional physical screening prior\n   to boarding an aircraft. Aircraft operators also conducted the same prescreening\n   process for nontraveling persons authorized to enter sterile areas. 3\n\n   In response to a recommendation in The 9/11 Commission Report, 4 the Intelligence\n   Reform and Terrorism Prevention Act of 2004, as amended, directed TSA to develop an\n   advanced passenger prescreening system and assume from aircraft operators the\n   matching of passenger information to the No Fly and Selectee Lists, \xe2\x80\x9cutilizing all\n   appropriate records in the consolidated and integrated terrorist watchlist maintained by\n   the Federal Government.\xe2\x80\x9d 5 This act further required that TSA provide a redress process\n   for misidentified individuals, limit the number of false positives, adopt policies\n   establishing effective oversight, and implement security measures to protect the system\n\n\n   1\n     49 U.S.C. \xc2\xa7 114 (a), (d).\n\n   2\n     6 U.S.C. \xc2\xa7 203.\n\n   3\n     The \xe2\x80\x9csterile area\xe2\x80\x9d is the portion of an airport that provides passengers access to boarding aircraft and to \n\n   which the access generally is controlled by TSA, an aircraft operator, or a foreign air carrier, through the\n\n   screening of persons and property. 49 CFR \xc2\xa7 1540.5.\n\n   4\n     The 9/11 Commission Report, p. 393. \n\n   5\n     49 U.S.C. \xc2\xa7 44903(j)(2)(C)(i).\n\n\nwww.oig.dhs.gov                                          2                                                 OIG-12-94\n\x0c                                  OFFICE OF INSPECTOR GENERAL\n                                      Department of Homeland Security\n\n\n   from unauthorized access and abuse. 6 When Congress transferred this responsibility to\n   TSA, it required aircraft operators to supply TSA with passenger information needed to\n   implement the advanced passenger prescreening system. Aircraft operators must also\n   require third-party entities, such as travel agencies or booking websites, to provide\n   passenger information to aircraft operators for submission to TSA.7\n\n   TSA developed the Secure Flight program to address federalizing commercial aircraft\n   operator passenger prescreening. On October 28, 2008, TSA issued its Secure Flight\n   Final Rule to implement the Intelligence Reform and Terrorism Prevention Act of 2004\n   mandate requiring that TSA assume the passenger prescreening for domestic flights and\n   international flights to, from, and overflying the United States.8 Congress determined\n   that advanced passenger prescreening should be a governmental function, and as a result,\n   TSA, not commercial aircraft operators, bears the responsibility for conducting\n   passenger prescreening.\n\n           The U.S. Government\xe2\x80\x99s Watchlisting System\n\n           To fulfill this responsibility, TSA uses various Federal Government databases to\n           prescreen commercial aircraft passengers. Derogatory information for known or\n           suspected terrorists is maintained in the National Counterterrorism Center\xe2\x80\x99s\n           (NCTC) Terrorist Identities Datamart Environment (TIDE). Some information\n           from this system and the Federal Bureau of Investigation (FBI) Automated Case\n           Support system exports to the TSDB, which serves as the U.S. Government\xe2\x80\x99s\n           consolidated terrorist watch list. The term \xe2\x80\x9cexport\xe2\x80\x9d describes the transfer of\n           record information from one database to another. From the TSDB, records\n           meeting specific inclusion criteria export to the No Fly and Selectee Lists.\n\n           National Counterterrorism Center and the Terrorist Identities Datamart\n           Environment\n\n           Within the Office of the Director of National Intelligence, the NCTC was\n           established by Executive Order 13354 and the Intelligence Reform and Terrorism\n\n   6\n     49 U.S.C. \xc2\xa7 44903(j)(2)(C)(iii).\n\n   7\n     49 U.S.C. \xc2\xa7 44903(j)(2)(C)(iv)(II). \n\n   8\n     Secure Flight Program; Final Rule, 73 Fed. Reg. 64018-64066 (Oct. 28, 2008).\n\n\nwww.oig.dhs.gov                                         3                             OIG-12-94\n\x0c                                  OFFICE OF INSPECTOR GENERAL\n                                       Department of Homeland Security\n\n\n            Prevention Act of 2004 to implement a 9/11 Commission recommendation calling\n            for the NCTC to serve as a center for joint operational planning and joint\n            intelligence. 9 This act further directed that the NCTC will be the central and\n            shared knowledge bank on known or suspected terrorists and international terror\n            groups, as well as their goals, strategies, capabilities, and networks of contacts and\n            support. The NCTC is the primary U.S. Government organization for analyzing and\n            integrating all intelligence possessed or acquired by the U.S. Government\n            regarding terrorism and counterterrorism.10 However, the tasks of collecting and\n            analyzing intelligence pertaining exclusively to domestic terrorists, and\n            investigating counterterrorism within the United States, fall primarily under the\n            purview of the FBI.11\n\n            The NCTC is responsible for maintaining TIDE, the central repository of\n            information on international terrorist identities. TIDE is a classified database\n            that includes, to the extent permitted by law, all identifying and derogatory\n            information that the U.S. Government possesses related to known or suspected\n            terrorists. Homeland Security Presidential Directive-11 defines suspected\n            terrorists as individuals known or reasonably suspected to be or have been\n            engaged in conduct constituting, in preparation for, in aid of, or related to\n            terrorism. Federal departments and agencies nominate individuals for inclusion\n            in TIDE based on evaluations of intelligence and law enforcement terrorism\n            information.\n\n            TIDE is the authoritative database on international known or suspected terrorists\n            that supports the U.S. Government\xe2\x80\x99s watchlisting system. Homeland Security\n            Presidential Directive-6 requires the NCTC to provide the Terrorist Screening\n            Center (TSC) with access to all appropriate information or intelligence in its\n            possession that the TSC needs to perform its functions. 12 As a result, the NCTC\n            provides the TSC with a sensitive but unclassified subset of TIDE\xe2\x80\x99s international\n\n   9\n     See The 9/11 Commission Report, p. 403. \n\n   10\n      50 U.S.C. \xc2\xa7 404o(d)(1).\n\n   11\n      See 28 U.S.C. \xc2\xa7\xc2\xa7 509, 510, 533, and 534; 18 U.S.C. \xc2\xa7 2332b(f); Executive Order 12333; 28 CFR \xc2\xa7 0.85.\n\n   12\n      Homeland Security Presidential Directive-6, Integration and Use of Screening Information to Protect\n\n   Against Terrorism, September 16, 2003. The responsibilities of the Terrorist Threat Integration Center in \n\n   this directive refer to responsibilities that have been assumed by the NCTC as of December 17, 2004, \n\n   pursuant to the Intelligence Reform and Terrorism Prevention Act of 2004. \n\n\nwww.oig.dhs.gov                                          4                                                OIG-12-94\n\x0c                                OFFICE OF INSPECTOR GENERAL\n                                    Department of Homeland Security\n\n\n           known or suspected terrorist identity information and access to TIDE Online, a\n           read-only copy of the database.\n\n           Terrorist Screening Center and the Terrorist Screening Database\n\n           Homeland Security Presidential Directive-6 also instructed the U.S. Attorney\n           General to establish an organization to consolidate the Government\xe2\x80\x99s approach\n           to terrorism screening and to provide for the appropriate and lawful use of\n           terrorist information in screening processes. To implement the directive, the\n           Attorney General\xe2\x80\x94acting through the Director of the FBI, and in coordination\n           with the Secretary of State, Secretary of Homeland Security, and the Director of\n           Central Intelligence\xe2\x80\x94created the TSC. 13\n\n           The TSC maintains the TSDB, which is populated with \xe2\x80\x9cinformation about\n           individuals known or appropriately suspected to be or have been engaged in\n           conduct constituting, in preparation for, in aid of, or related to terrorism.\xe2\x80\xa6\xe2\x80\x9d 14 All\n           TSDB information is sensitive but unclassified, so the broadest range of Federal,\n           State, local, and international terrorist screening partners can benefit from using\n           data derived from the TSDB and exported by the TSC.\n\n           All TSDB information is derived from two sources. The only source for TSDB\n           information on international terrorist identities is TIDE. The remaining\n           information in the TSDB pertains solely to domestic terrorism information. This\n           information is provided to the TSC directly from the FBI\xe2\x80\x99s Automated Case Support\n           system, which contains additional supporting information on domestic terrorists,\n           beyond any biometric and biographic identifiers exported to the TSDB.\n\n           There are minimum substantive derogatory and identifying criteria for inclusion\n           in the TSDB. Although the NCTC accepts nominations that do not fully meet the\n           TSDB derogatory and identifying criteria, it will enter those nominations into\n           TIDE. The NCTC will not export that information to the TSC, however, unless\n           both minimum criteria are met. After receiving TIDE information, the TSC\n\n   13\n      Memorandum of Understanding on the Integration and Use of Screening Information to Protect Against \n\n   Terrorism, September 16, 2003. \n\n   14\n      Homeland Security Presidential Directive-6.\n\n\nwww.oig.dhs.gov                                      5                                             OIG-12-94\n\x0c                             OFFICE OF INSPECTOR GENERAL\n                                 Department of Homeland Security\n\n\n           reviews each nomination to ensure that it meets the U.S. Government\xe2\x80\x99s\n           watchlisting standards before creating a TSDB record.\n\n           As part of its mission to maintain the U.S. Government\xe2\x80\x99s consolidated terrorist\n           watch list, the TSC also exports data to other screening systems, including TECS.\n           Some of these systems have their own minimum criteria or restrictions for\n           inclusion, which may differ from TSDB requirements. TECS, which is owned and\n           primarily used by U.S. Customs and Border Protection (CBP), accepts nearly all\n           records from the TSDB and is used to screen individuals at land, sea, and air\n           ports of entry. Many other Federal law enforcement departments and agencies\n           also use TECS as a screening and case management system. The No Fly and\n           Selectee Lists, which are subsets of the TSDB, have the most stringent substantive\n           derogatory and identifying criteria and are used to identify individuals who are\n           prohibited from boarding an aircraft or accessing the sterile area of a U.S.\n           airport, or who are to receive additional physical screening prior to boarding.\n\n           No Fly and Selectee Lists\n\n           The No Fly and Selectee Lists\xe2\x80\x99 criteria were first established by the Homeland\n           Security Council Deputies Committee on October 21, 2004. The Deputies\n           Committee approved the addition of                         criterion to the No Fly\n           List on February 8, 2008. Following the attempted terrorist attack on December\n           25, 2009, the President directed that the No Fly and Selectee Lists\xe2\x80\x99 criteria be\n           reviewed and recommendations be made as to whether any adjustments were\n           needed. The TSC Policy Board Working Group, in conjunction with the\n           Information Sharing Access Interagency Policy Committee, recommended certain\n           changes in the lists\xe2\x80\x99 criteria and implementation guidance. Those\n           recommendations were approved by the merged National Security\n           Council/Homeland Security Council Deputies Committee on May 25, 2010.\n\n           For inclusion on either the No Fly or Selectee List, minimum identifying criteria\n           consist of a first name, last name, and full date of birth.\n\n\n\n\n\nwww.oig.dhs.gov                                 6                                        OIG-12-94\n\x0c                              OFFICE OF INSPECTOR GENERAL\n                                 Department of Homeland Security\n\n\n\n\n           For inclusion on the No Fly List, an individual, regardless of citizenship, must\n           represent\xe2\x80\x94\n\n                  \xe2\x80\xa2\n\n\n\n\nwww.oig.dhs.gov                                  7                                        OIG-12-94\n\x0c                             OFFICE OF INSPECTOR GENERAL\n                                 Department of Homeland Security\n\n\n                  \xe2\x80\xa2\n\n\n\n\n\n           The Selectee List is not a default list for individuals who do not qualify for\n           inclusion on the No Fly List. Rather, the Selectee List includes persons,\n           regardless of citizenship, in the TSDB who do not meet the criteria to be placed\n           on the No Fly List and who are\xe2\x80\x94\n\n                  \xe2\x80\xa2\n\n\n\n\nwww.oig.dhs.gov                                8                                       OIG-12-94\n\x0c                                 OFFICE OF INSPECTOR GENERAL\n                                     Department of Homeland Security\n\n\n\n\n           Secure Flight Program Implementation\n\n           When TSA issued the Secure Flight final rule in October 2008, it was allowed to\n           begin implementing commercial aircraft operator passenger prescreening.\n           Under this final rule, TSA receives specific passenger and nontraveler data and\n           conducts watch list matching against the No Fly and Selectee Lists. A\n           nontraveling individual or nontraveler refers to an individual to whom a covered\n           aircraft operator or covered airport operator seeks to issue authorization to\n           enter the sterile area. TSA then transmits a boarding pass printing result (BPPR)\n           back to aircraft operators. This program is intended to provide consistent and\n           accurate passenger prescreening, while minimizing false matches and protecting\n           personally identifiable information.\n\n           Secure Flight Final Rule\n\n           The Secure Flight final rule covers all flights conducted by U.S. aircraft operators\n           that are required to have a full program under 49 CFR \xc2\xa7 1544.101(a), 21 and all\n\n\n\n\n   21\n     49 CFR \xc2\xa7 1544 requires certain aircraft operators to adopt and carry out a security program approved by\n   TSA, including screening procedures for passenger and property, threat response, and screener\n   qualifications. Aircraft operators required to have a full security program under 49 CFR \xc2\xa7 1544.101(a) are\n   scheduled passenger or public charter passenger operations with an aircraft having a passenger seating\n\nwww.oig.dhs.gov                                        9                                              OIG-12-94\n\x0c                                  OFFICE OF INSPECTOR GENERAL\n                                      Department of Homeland Security\n\n\n           flights arriving in or departing from the United States or overflying the\n           continental United States as operated by foreign aircraft operators that are\n           required to have a security program under 49 CFR \xc2\xa7 1546.101(a) or (b). 22 These\n           aircraft operators generally are the passenger airlines that offer scheduled and\n           public charter flights from commercial airports.\n\n           With implementing the Secure Flight program, TSA requires covered aircraft\n           operators to collect from passengers and transmit to TSA Secure Flight Passenger\n           Data (SFPD). SFPD consists of a passenger\xe2\x80\x99s full name, gender, date of birth, and,\n           when applicable, a Redress Number or Known Traveler Number. A Redress\n           Number is a unique number that DHS assigns to individuals who use the DHS\n           Traveler Redress Inquiry Program (TRIP). DHS TRIP provides a single portal for\n           travelers to seek redress for adverse screening experiences and to resolve\n           possible watch list misidentification issues. A Known Traveler Number is a\n           unique number assigned to \xe2\x80\x9cknown travelers\xe2\x80\x9d for whom the Federal\n           Government has already conducted a threat assessment and has determined do\n           not pose a security threat.\n\n           According to the final rule, aircraft operators are required to make a privacy\n           notice available on public websites and self-serve kiosks before collecting any\n           personally identifiable information from passengers or nontravelers. 23\n\n           The Secure Flight final rule also stipulates that aircraft operators must transmit\n           available SFPD to TSA approximately 72 hours prior to the scheduled flight\n           departure time. For reservations created within 72 hours of flight departure,\n           aircraft operators must submit SFPD as soon as it becomes available. Secure\n           Flight then matches the data provided against the No Fly and Selectee Lists. As\n\n   configuration of 61 or more seats, or 60 or fewer seats when passengers are enplaned from or deplaned\n   into a sterile area.\n   22\n      49 CFR \xc2\xa7 1546 applies to foreign air carriers permitted to operate in the United States and requires\n   these carriers to adopt and carry out a security program approved by TSA, including the screening of\n   passengers and property, and other requirements. Aircraft operators required to have a security program\n   under 49 CFR \xc2\xa7 1546.101(a) or (b) include (1) aircraft having a passenger seating configuration of 61 or\n   more seats, or (2) operations that provide deplaned passengers access to a sterile area, or enplane\n   passengers from a sterile area, when that access is not controlled by an aircraft operator using a security\n   program under 49 CFR \xc2\xa7 1544 or a foreign air carrier using a security program under 49 CFR \xc2\xa7 1546.\n   23\n      49 CFR \xc2\xa7 1560.103.\n\nwww.oig.dhs.gov                                        10                                              OIG-12-94\n\x0c                                    OFFICE OF INSPECTOR GENERAL\n                                        Department of Homeland Security\n\n\n              recommended by the 9/11 Commission and required by the Intelligence Reform\n              and Terrorism Prevention Act of 2004, TSA \xe2\x80\x9cmay use \xe2\x80\x98the larger set of watch lists\n              maintained by the Federal government\xe2\x80\x99 when warranted by security\n              considerations.\xe2\x80\x9d 24 Based on TSA\xe2\x80\x99s matching results, Secure Flight instructs the\n              covered aircraft operator in its BPPR to (1) process the individual in the normal\n              manner; (2) identify the individual for additional screening at a security\n              checkpoint; or (3) deny the individual boarding or authorization to enter a U.S.\n              airport\xe2\x80\x99s sterile area.\n\n\n\n\n                     Secure Flight now screens all TSDB records that have full name and date of\n              birth that are not already on the No Fly or Selectee Lists. These records compose\n              the Expanded Selectee List; however, the Expanded Selectee List does not\n              represent an official subset of the TSDB.\n\n              Secure Flight Program Organization\n\n              During our fieldwork, the Secure Flight program was positioned within TSA\xe2\x80\x99s\n              Transportation Threat Assessment and Credentialing (TTAC). TTAC was the lead\n              for all security threat assessments and credentialing initiatives for transportation\n              industry workers, individuals seeking access to critical infrastructure, and\n              domestic passengers. After our fieldwork ended in October 2011, TSA\xe2\x80\x99s\n              realignment of headquarters functions merged TTAC vetting operations with its\n              Office of Intelligence (OI) to form the new TSA Office of Intelligence and Analysis.\n\n              Within TTAC, Secure Flight was organized into the Secure Flight Operations\n              Center (SOC) and Secure Flight program. The SOC was managed by the TTAC\n              Vetting, Adjudication, and Redress program, and the Secure Flight program was\n              under the TTAC Program Enrollment and Services Office. TTAC Technology\n              managed the information technology support for TTAC, which included Secure\n              Flight.\n\n\n   24\n        Secure Flight Program; Final Rule, 73 Fed. Reg. 64018, 64019.\n\nwww.oig.dhs.gov                                          11                                 OIG-12-94\n\x0c                              OFFICE OF INSPECTOR GENERAL\n                                 Department of Homeland Security\n\n\n           Secure Flight Operations Center\n\n           For the Secure Flight program, the SOC reviews and resolves potential watch list\n           matches and answers general aircraft operator questions. Secure Flight has an\n           Operations Support Desk to handle technical issues related to aircraft operators\n           and internal Secure Flight operations. The Operations Support Desk provides\n           aircraft operators, internal customers, and partners, such as the TSC and CBP,\n           with a single point of contact and control for the resolution of technical incidents\n           and problems.\n\n           Secure Flight\xe2\x80\x99s SOC has redundant operations in the Annapolis Junction\n           Operations Center in Maryland and the Colorado Springs Operations Center in\n           Colorado. The SOC operates 24 hours a day, 365 days a year. Centers are\n           staffed with Government employees and contractors who serve as Customer\n           Support Agents (CSAs), Secure Flight Analysts (SFAs), TSA OI Analysts, and Watch\n           Managers. CSAs handle all initial calls received by the SOC, whether related to\n           passenger resolution, customer support, or technical assistance. SFAs are\n           responsible for matching SFPD to watch list records. TSA OI analysts are\n           colocated with the SFAs and conduct threat and intelligence analysis, while\n           assisting with the matching process. Watch Managers oversee both SOC\n           locations to ensure that operations are performed properly and issues are\n           addressed efficiently, effectively, and timely.\n\n           SOC employees are required to complete Secure Flight programmatic and\n           operational training and on-the-job training. Programmatic training ensures that\n           the workforces\xe2\x80\x99 knowledge aligns with program policies, procedures, and\n           standards, while also improving critical competencies as defined by Secure Flight\n           leadership. Examples of programmatic training include Introduction to the\n           Aviation Industry and Secure Flight 101 courses. Operational training maintains\n           and improves the readiness of employees and processes within the SOC.\n           Examples of operational training include call handling and cultural naming\n           courses to aid SOC employees with understanding various naming conventions\n           and determining gender.\n\n           On-the-job training covers additional job-specific tasks and reinforces critical job-\n           specific skills that are not fully covered in the programmatic or operational\n\nwww.oig.dhs.gov                                 12                                        OIG-12-94\n\x0c                                OFFICE OF INSPECTOR GENERAL\n                                   Department of Homeland Security\n\n\n           training. Employees are provided with a role-specific training checklist and are\n           assigned to a trainer. Role-specific training checklists contain those job and\n           mission-critical skills that the trainee is required to know and in which the\n           trainee is required to demonstrate proficiency before being allowed to work\n           unsupervised on Secure Flight systems.\n\n           Watch Managers are required to complete CSA and SFA certification, as well as\n           Watch Manager training, as they may have to perform these duties at any time.\n           Watch Managers complete their initial training at Annapolis Junction and finish\n           their certification at their respective SOC.\n\n           Secure Flight Program Organization\n\n           The Secure Flight program consists of the following key offices: Business\n           Architecture, Process, and Planning; Privacy; Industry Performance and Analysis;\n           Change Management; and Program Management. In addition, TTAC Technology\n           serves an important role in supporting Secure Flight systems.\n\n           Business Architecture, Process, and Planning\n\n           This office focuses on system transmissions, reengineering processes, and\n           managing relationships with external offices within and outside of DHS, with the\n           exception of the aircraft operators. The office is organized into three teams.\n\n                  \xe2\x80\xa2\t Team 1: Works on issues related to receiving the watch list data, watch\n                     list matching, and Secure Flight responses to aircraft operators.\n\n                  \xe2\x80\xa2\t Team 2: Works with scheduling Secure Flight system releases and\n                     requirements, production issues, and reports, such as those related to\n                     SFPD.\n\n                  \xe2\x80\xa2\t Team 3: Works on security requirements and coordinates with CBP to\n                     ensure that technical and operational information is exchanged. These\n                     areas include testing aircraft operator SFPD transmissions, system\n                     outages, new requirements, and configuration changes.\n\n\nwww.oig.dhs.gov                                  13\t                                     OIG-12-94\n\x0c                             OFFICE OF INSPECTOR GENERAL\n                                 Department of Homeland Security\n\n\n           Team personnel have additional responsibilities, such as project management for\n           new system requirements, which can include defining system changes, conducting\n           weekly meetings, or facilitating external partner collaboration and coordination.\n\n           The office also facilitates the Match Review Board and Match Review Working\n           Group, which review the watch list matching process and identify ways to reduce\n           \xe2\x80\x9cfalse positive\xe2\x80\x9d rates during passenger prescreening. A false positive is a\n           passenger incorrectly identified as a potential match to an entry in the watch list.\n           The Match Review Board and Match Review Working Group are quality control\n           measures used by the Secure Flight program to ensure that the overall system\n           performance is accurate and timely. Both provide a forum for regular review of\n           Secure Flight match review procedures, to take corrective action or make\n           recommendations for changes. They also review system-generated matching\n           results regularly to identify problem areas or possible improvements, and\n           provide those results to the Secure Flight program and TSA senior leadership for\n           consideration.\n\n           Privacy Office\n\n           This office has helped to develop and implement a comprehensive privacy\n           program to protect passenger personally identifiable information provided by\n           aircraft operators. The Secure Flight privacy program aligns with TSA privacy\n           principles, complies with industry best practices, and provides a defined redress\n           process.\n\n           Industry Performance and Analysis\n\n           This office is composed of the Compliance Monitoring, Industry Performance,\n           and Reporting and Analysis Groups. When the office is informed of a compliance\n           issue, the Compliance Monitoring Group analyzes the issue and forwards a\n           compliance package to TSA\xe2\x80\x99s Office of Security Operations or Office of Global\n           Strategies to determine whether an investigation needs to be initiated. Airline\n           Implementation Managers (AIMs) within the Industry Performance section liaise\n           with aircraft operators on a daily basis to assist with issues, as needed.\n           Reporting and Analysis is responsible for taking data from the SOC and creating\n\n\nwww.oig.dhs.gov                                14                                        OIG-12-94\n\x0c                                  OFFICE OF INSPECTOR GENERAL\n                                      Department of Homeland Security\n\n\n            reports, such as individual aircraft operator performance or response times, for\n            the Secure Flight system.\n\n            TTAC Technology\n\n            This office develops information technology systems and maintains and operates\n            all TTAC systems. TTAC Technology officials said that 70% of their work, which\n            includes testing and deploying changes, involves the Secure Flight system.\n\n            Aircraft Operator Secure Flight Implementation Process\n\n            To allow watch list matching and admissibility determinations to be made before\n            a flight departs to or from the United States, aircraft operators must be able to\n            submit SFPD electronically to Secure Flight, and must also electronically submit\n            passenger manifest information to CBP\xe2\x80\x99s Advance Passenger Information\n            System. 25 The Advance Passenger Information System is an electronic data\n            interchange system approved by CBP for air and vessel carrier transmissions of\n            electronic passenger, non-crewmember (such as an animal handler on a cargo\n            plane), and crewmember manifest data. The system processes biographical data\n            from travelers, allowing it to be checked against law enforcement databases and\n            watch lists. The Secure Flight final rule allowed for a phased implementation, in\n            which TSA first assumed watch list matching responsibility for domestic flights.\n            During this interim period, CBP prescreened international passengers against\n            watch list systems and data subsets through the Advance Passenger Information\n            System until Secure Flight was ready to begin watch list matching for all\n            domestic and international passengers. CBP continues to screen international\n            manifests through the Advance Passenger Information System.\n\n            To transmit data to DHS for both the Advance Passenger Information System and\n            Secure Flight, aircraft operators must connect to and submit passenger data\n            through a single DHS portal. This portal allowed DHS to integrate the watch list\n\n   25\n     Aircraft manifests are lists of all passengers and crew on board a flight. Manifest information includes\n   the full name, date of birth, gender, citizenship, country of residence, status on board the aircraft (i.e.,\n   passenger or crew member), DHS-approved travel document type, travel document number, travel\n   document country of issuance, travel document expiration date, alien registration number (if applicable),\n   and address while in the United States.\n\nwww.oig.dhs.gov                                         15                                               OIG-12-94\n\x0c                             OFFICE OF INSPECTOR GENERAL\n                                 Department of Homeland Security\n\n\n           matching component of Secure Flight into the Advance Passenger Information\n           System, thus streamlining the transmission of passenger information by aircraft\n           operators.\n\n           Transition to Secure Flight and System Test Phases\n\n           Transitioning aircraft operators to implement Secure Flight has been a complex\n           process of training, technical adjustments, and system testing, which continues,\n           on a limited basis, for new aircraft operators. As a result, Secure Flight provides\n           orientation training, technical support by phone, job aids, and training materials,\n           as well as simulations to help aircraft operators comply with program\n           requirements. Each aircraft operator designates an implementation point of\n           contact, who communicates with Secure Flight AIMs and deployment teams.\n           Teams include technical representatives who assist aircraft operators in\n           completing required testing phases.\n\n           Secure Flight conducts testing in four phases: (1) aircraft operator internal\n           system; (2) connectivity; (3) system-to-system interface; and (4) follow-on.\n           Because aircraft operators are not required to update their existing systems to\n           connect to Secure Flight, and because some systems are older, the process of\n           transmitting and receiving data between older and newer systems is complex.\n           As a result, system-to-system interface testing is an important phase. During this\n           phase, aircraft operators are given data sets to transmit to Secure Flight through\n           a test environment to ensure that all data are sent and can be read by the\n           system, and that aircraft operators receive a proper BPPR from Secure Flight in\n           return. During system-to-system interface testing and later through reporting\n           tools, Secure Flight tests to ensure that it is receiving full passenger data.\n\n           Once aircraft operators complete a full range of system and operational testing,\n           they can begin applying Secure Flight BPPR, which is referred to as the cutover.\n           The first aircraft operator \xe2\x80\x9cdomestic cutover\xe2\x80\x9d occurred on January 27, 2009.\n           However, the first major aircraft operator domestic cutover occurred on\n           November 5, 2009. Domestic carrier cutover was completed on June 22, 2010,\n           and foreign carrier cutover was completed on November 23, 2010.\n\n\n\nwww.oig.dhs.gov                                16                                       OIG-12-94\n\x0c                             OFFICE OF INSPECTOR GENERAL\n                                 Department of Homeland Security\n\n\n           For aircraft operators with manual reservation systems, Secure Flight has an\n           alternative to the DHS portal: a web application system called eSecure Flight.\n           The system uses a secure user verification process to accept manually entered\n           passenger information. Because the data for each passenger must be typed into\n           the system, larger aircraft operators have generally modified their reservation\n           and departure control systems to avoid manual data entry. As a result, eSecure\n           Flight is typically used by smaller aircraft operators that have reservation\n           systems with low volume. During our fieldwork, Secure Flight program officials\n           said that 32 aircraft operators had cutover to eSecure Flight.\n\n           Secure Flight Program Partners\n\n           In addition to continuing partnerships with aircraft operators, the Secure Flight\n           program collaborates and communicates with various DHS components and\n           external departments and agencies that interact with aircraft operators or are\n           involved in passenger prescreening and vetting.\n\n           Passenger Prescreening and Vetting\n\n           The TSC, for example, provides Secure Flight with an export of TSDB watch list\n           records for passenger prescreening. Secure Flight receives TSDB watch list\n           updates                                             and may receive expedited \n\n           list updates at any time. The TSC has been working with CBP and TSA\xe2\x80\x99s Secure\n           Flight program to implement the Department\xe2\x80\x99s Watch List Service (WLS), which\n           will provide DHS with real-time access to continuously updated TSDB watch list\n           records. Secure Flight uses these records to assess, vet, and determine potential\n           passenger matches, which it forwards to the TSC for review and, as necessary,\n           final identity match determination. Secure Flight can identify matches, but only\n           the TSC has the authority to make final identity match determinations.\n\n           TSA OI analysts are colocated at both SOC locations, and provide subject matter\n           expertise to SFAs to assist in confirming potential passenger matches to TSDB\n           watch list records. When matches are identified, TSA OI analysts at Secure Flight\n           contact the TSC for determinations on whether passenger matches are positive\n           matches to TSDB watch list records. Once a determination is made, TSA OI\n\n\nwww.oig.dhs.gov                                17                                       OIG-12-94\n\x0c                                   OFFICE OF INSPECTOR GENERAL\n                                       Department of Homeland Security\n\n\n            communicates this information to the Intelligence Community and the TSA\n            Freedom Center to execute operational response to the match.26\n\n            DHS TRIP is a multiagency effort designed to provide fair and timely redress, or\n            remedy, to travelers who have difficulties with Federal Government screening\n            and border crossing processes. DHS TRIP is the Federal Government\xe2\x80\x99s one-stop\n            traveler redress process for coordinating the review, adjudication, and response\n            to traveler redress requests. All travelers who apply through DHS TRIP receive a\n            redress number. However, as DHS TRIP adjudicates all redress cases, only\n            travelers who are not matches to TSDB watch list records are added to the DHS\n            TRIP Cleared List. When purchasing tickets, all passengers may enter their\n            redress number, but only passengers with redress numbers that match the DHS\n            TRIP Cleared List are automatically cleared by the Secure Flight system. This\n            process helps to prevent terrorists from determining their watch list status, even\n            though they have a redress number. DHS TRIP provides                            and\n            then the list is provided to Secure Flight. DHS TRIP program officials said that\n            they work with Secure Flight on traveler complaints.\n\n            CBP, through its National Targeting Center\xe2\x80\x93Passenger, also screens international\n            passengers. While Secure Flight screens all domestic and international\n            passengers for matches against relevant TSDB watch list records, CBP screens all\n            international passenger data for admissibility through several systems, including\n            the Automated Targeting System\xe2\x80\x93Passenger. The Automated Targeting System\xe2\x80\x93\n            Passenger develops risk assessments for each traveler based on rule sets that\n            pertain to specific operational, tactical, or local enforcement objectives. The\n            Automated Targeting System\xe2\x80\x93Passenger provides records of passengers who\n            have met the risk assessment threshold to Secure Flight for prescreening.\n            Secure Flight uses this list to identify travelers requiring enhanced screening\n            prior to boarding an aircraft. For international inbound passengers, the Secure\n            Flight data is sent to CBP where it is screened against the Electronic System for\n            Travel Authorization. The Electronic System for Travel Authorization is an\n            Internet-based system used to determine, in advance of travel, the eligibility of\n\n   26\n     The Freedom Center is TSA\xe2\x80\x99s coordination center during security incidents and operations. The center\n   plays a critical role in in-flight and checkpoint security incidents, as well as coordination for every mode of\n   transportation around the country and with law enforcement and security departments and agencies.\n\nwww.oig.dhs.gov                                          18                                                OIG-12-94\n\x0c                             OFFICE OF INSPECTOR GENERAL\n                                 Department of Homeland Security\n\n\n           Visa Waiver Program applicants to travel to the United States. These travelers\n           must apply for and receive an approved travel authorization via the system to\n           board a plane or vessel bound for the United States.\n\n           In addition, CBP maintains the DHS Router system, which processes and converts\n           aircraft operator data into SFPD for further processing by Secure Flight and CBP\n           prior to retransmission to the aircraft operators. Further, CBP\xe2\x80\x99s Office of\n           Information and Technology (OIT) will host the WLS on its servers.\n\n           Aircraft Operator Outreach\n\n           The Office of Transportation Sector Network Management and the Office of\n           Global Strategies implement TSA\xe2\x80\x99s primary aircraft operator outreach programs,\n           and often work with Secure Flight\xe2\x80\x99s Industry Performance and Analysis office.\n           Program officials at Transportation Sector Network Management and the Office\n           of Global Strategies are policy liaisons to aircraft operators, and receive from and\n           provide information to operators and trade associations regarding TSA policy or\n           regulatory changes. Both offices can communicate directly with aircraft\n           operators for systemic problems, such as training issues, although the Office of\n           Global Strategies is the primary liaison for foreign air carriers and international\n           issues.\n\n           When SOC or Secure Flight program analysts notice irregular changes to SFPD\n           information, Industry Performance and Analysis program officials create a\n           compliance package. This package is forwarded to the Office of Global Strategies\n           when activities involve foreign air carriers and U.S. aircraft operators operating\n           in international locations. TSA\xe2\x80\x99s Office of Security Operations handles\n           compliance issues for domestic flights. Both Offices of Security Operations and\n           Global Strategies, however, conduct investigations concerning compliance issues\n           based on their respective guidelines and authorities.\n\n           Secure Flight\xe2\x80\x99s operations require coordination with the Federal Aviation\n           Administration (FAA), which controls aircraft within U.S. airspace. During some\n           incidents, such as a No Fly passenger transiting U.S. airspace, a Selectee\n           transiting U.S. airspace without proper screening\n                                TSA requests the FAA\xe2\x80\x99s assistance in tracking passengers and\n\nwww.oig.dhs.gov                                19                                        OIG-12-94\n\x0c                             OFFICE OF INSPECTOR GENERAL\n                                 Department of Homeland Security\n\n\n           controlling flights. When these incidents occur, Secure Flight notifies the\n           Freedom Center, which communicates directly with the FAA. The FAA then\n           tracks the flight and communicates with the aircraft\xe2\x80\x99s pilot-in-command to\n           provide any additional instructions.\n\n           Through collaboration and coordination with internal and external partners, the\n           Secure Flight program prescreens passengers to assist TSA in enhancing aviation\n           security. We reviewed the Secure Flight program to determine whether it is\n           screening all appropriate persons and whether the processes for aircraft\n           operators to submit passenger data and receive boarding pass instructions are\n           timely and effective. We also reviewed how the Secure Flight program tests its\n           screening processes for accuracy, prioritization, and timeliness, as well as how\n           the program is protecting varying layers of personally identifiable and sensitive\n           watch list information.\n\n   Results of Review\n\n              program officials monitor data transmissions to ensure that Secure Flight\n   receives, prescreens, and vets all relevant passenger data. The program relies on\n   aircraft operator compliance in submitting full and accurate passenger data, and SOC\n   Watch Managers use their discretion to determine which issues are forwarded for\n   further review or investigation.\n\n   Since Secure Flight has assumed responsibility for passenger prescreening from aircraft\n   operators, the program has provided a more consistent watch list matching process.\n   This process, however, is sometimes disrupted by DHS and airline system outages,\n   which may require aircraft operators to revert to alternative procedures that may\n   include pre-Secure Flight watch list matching procedures and protocols. To reduce\n   disruptions, Secure Flight has operation center and system redundancy. Secure Flight\n   also includes privacy safeguards to protect passenger personal data and sensitive watch\n   list records and information. As the Secure Flight program\xe2\x80\x99s scope expands by\n   developing and implementing additional initiatives, program officials should prioritize\n   mission-critical elements first, and collaborate and communicate more effectively with\n   relevant partners.\n\n\nwww.oig.dhs.gov                                20                                        OIG-12-94\n\x0c                             OFFICE OF INSPECTOR GENERAL\n                                 Department of Homeland Security\n\n\n           Secure Flight Relies on Passenger- and Aircraft Operator-Submitted Data and\n           Aircraft Operator Compliance To Conduct Watch List Matching\n\n           The Secure Flight program relies on the accuracy of the information passengers\n           submit during the reservation process. Aircraft operators submit this data to\n           Secure Flight for watch list matching. Potential matches are manually reviewed,\n           and unresolved matches require aircraft operator communication to the SOC for\n           identity verification (see appendix D). According to Secure Flight program\n           officials, more than 99% of passengers are cleared prior to arrival at an airport.\n           Abnormalities, such as irregular changes to SFPD, are reported through a\n           compliance process, but this process needs more standardization.\n\n           How Aircraft Operators Submit Passenger Data to Secure Flight\n\n           All passengers are required to provide their SFPD information to aircraft\n           operators when making a reservation on a covered flight, and nontravelers must\n           do so when they seek entry to an airport\xe2\x80\x99s sterile area. A passenger who refuses\n           to provide these data elements is not permitted to board an aircraft or enter a\n           sterile area. Aircraft operators can receive this data from any medium a\n           passenger uses to make or modify a reservation (e.g., travel agency, Internet,\n           self-service kiosks, gate locations). Aircraft operators are not required to\n           validate the collected data during the reservation process.\n\n           Aircraft operators are also required to submit a passenger\xe2\x80\x99s passport number,\n           expiration date, and country of issuance, if available, and certain non-personally\n           identifiable information used to manage SFPD messages, such as the itinerary or\n           the airport code for nontravelers. An aircraft operator stores this information in\n           its automated reservation system or other passenger reservation or departure\n           control system.\n\n           The aircraft operator transmits this information as an SFPD message, which can\n           contain a new reservation record, modification of an existing record, or\n           reservation cancellation. SFPD messages may also contain multiple passenger\n           records. When the aircraft operator does not submit the passenger\xe2\x80\x99s full SFPD,\n           the Secure Flight system will return an error message to the aircraft operator.\n           Aircraft operators do not have to submit SFPD information for reservations\n\nwww.oig.dhs.gov                                21                                       OIG-12-94\n\x0c                             OFFICE OF INSPECTOR GENERAL\n                                 Department of Homeland Security\n\n\n           canceled more than 72 hours prior to flight departure. Aircraft operators\n           prioritize sending SFPD based on response time requirements and send SFPD via\n           either a high-priority or low-priority queue. Data transmitted within 72 hours of\n           departure are considered to be low priority, and data transmitted within 24\n           hours are considered high priority.\n\n           Although most aircraft operators use computerized reservation systems to store,\n           retrieve, and submit passenger\n\n\n\n\n           Secure Flight Vets Passenger Data Through an Automated Matching System\n\n           Secure Flight\xe2\x80\x99s watch list matching program is responsible for prescreening an\n           average 2 million passengers every day. The program was implemented to\n           enhance commercial air travel security, while providing an improved and\n           consistent watch list matching system across all aircraft operators. Prior to\n           Secure Flight implementation, TSA conducted a benchmark test to compare\n           aircraft operator watch list matching rates to the initial Secure Flight automated\n           matching system rates. TSA created        variations of names on the No Fly List\n           and had aircraft operators and Secure Flight attempt to match them through\n           their systems. The benchmark test determined that the average aircraft\n           operator match rate was                     aircraft operators tested, the operator\n           that performed the best matched         of name variants, the worst matched\n                 and Secure Flight matched        Secure Flight continually seeks to improve\n           its vetting system and processes to achieve a 100% matching rate.\n\n           SFPD information is vetted through the Secure Flight automated matching\n           system. This system performs automated matching of SFPD to various lists,\n\nwww.oig.dhs.gov                                22                                       OIG-12-94\n\x0c                                  OFFICE OF INSPECTOR GENERAL\n                                      Department of Homeland Security\n\n\n            including the No Fly, Selectee, and Expanded Selectee Lists, as well as the DHS\n            TRIP Cleared List, CBP\xe2\x80\x99s Automated Targeting System\xe2\x80\x93Passengers List, and the\n            Centers for Disease Control and Prevention Do Not Board List. 27 An\n            overwhelming majority of SFPD information is automatically cleared by the\n            system, with an average 8.67-second system response time for low-priority\n            records and 2.01-second average for high-priority records.\n\n            The Secure Flight automated matching system assigns a percentage score to\n            each record, indicating the confidence level of a match between the passenger\n            and the watch list entry. An exact match between SFPD information and watch\n            list data elements produces a 100% match score; as the difference in data\n            elements increases, the match score decreases. Scores must meet a minimum\n            threshold to be considered a potential match and forwarded to an SFA for\n            manual review;\n\n\n\n\n                                                which resulted in additional work.\n            Increasing the threshold enables the Secure Flight program to vet more\n            efficiently.\n\n            A cleared BPPR is transmitted from Secure Flight to aircraft operators when an\n            individual\xe2\x80\x99s score is below the threshold, or is a potential match but is also a\n            match to the DHS TRIP Cleared List. An automated Selectee BPPR is transmitted\n            for any individual matching the Expanded Selectee List, the Automated Targeting\n            System\xe2\x80\x93Passengers List, or any passenger randomly selected for enhanced\n            screening. For SFPD information that is a potential match to the No Fly,\n            Selectee, or Do Not Board Lists, an inhibited BPPR response is returned to the\n            aircraft operator and the SFPD is forwarded to an SFA for manual review.\n\n\n\n\n   27\n     The Do Not Board List consists of individuals who pose a significant health risk to other travelers and are\n   not allowed to fly.\n\nwww.oig.dhs.gov                                         23                                               OIG-12-94\n\x0c                              OFFICE OF INSPECTOR GENERAL\n                                 Department of Homeland Security\n\n\n           In addition to matching original SFPD information, Secure Flight rematches SFPD\n\n           submitted with qualified updates. An example of a qualified update is a change\n\n           in any part of a passenger name or date of birth. Also, when records\n\n\n\n\n           Potential Watch List Matches Are Sent to SFAs for Manual Match Review\n\n           SFPD matches to watch list records are updated and viewed electronically in the\n           Secure Flight User Interface system, which prioritizes inhibited SFPD information\n           in a queue according to flight departure times. SFAs log into and retrieve SFPD\n           information through the Secure Flight User Interface queue to manually match\n           passenger data against watch list records. SFAs use the automated matching\n           result, passenger matching history, and the No Fly, Selectee, and DHS TRIP\n           Cleared Lists as well as searches in TIDE Online and TECS for additional details, to\n           discern whether the SFPD information is a match to the watch list record. SOC\n           personnel retrieve records from the same Secure Flight User Interface queue, so\n           a record is sent to the next available SFA regardless of the SFA\xe2\x80\x99s location.\n\n           SOC officials said the training                  is helpful in conducting these\n           searches, as SFAs can identify various\n                             The Secure Flight system also applies a number of techniques to\n           reduce false\n\n                                                                           SFAs are expected\n           to vet a minimum                         While this is not a requirement, such a\n           measure is difficult to use when assessing an SFA\xe2\x80\x99s performance\n\n\n\n\nwww.oig.dhs.gov                                 24                                       OIG-12-94\n\x0c                             OFFICE OF INSPECTOR GENERAL\n                                 Department of Homeland Security\n\n\n                                                                                SOC officials \n\n           said this system change has resulted in reduced vetting times.\n\n           When an SFA is able to determine that SFPD information is not a match, a\n           cleared BPPR is sent to the aircraft operator. When an SFA determines that a\n           passenger is a match to the Selectee List, the SFA inhibits the record and\n           contacts a TSA OI analyst, who prepares a preliminary Selectee notification\n           report to alert the Intelligence Community and internal TSA organizations. When\n           an SFA determines that a passenger is a match to the No Fly or Do Not Board\n           List, the SFA retains the inhibited BPPR and contacts a TSA OI analyst, who\n           generates a preliminary No Fly notification report. These preliminary\n           notification reports allow Federal entities to coordinate coverage at airports and\n           on aircraft, as necessary.\n\n           When an SFA cannot determine conclusively whether the passenger is a match\n           to the No Fly, Selectee, or Do Not Board Lists using existing resources, the SFA\n           retains the inhibited status and marks the record for further review. Through\n           the resolution process, the aircraft operator will verify the passenger\xe2\x80\x99s\n           identification to update the SFPD information and call the SOC should the\n           passenger remain inhibited.\n\n           Aircraft Operators Call the SOC To Resolve Inhibited Passengers\n\n           An aircraft operator cannot print a passenger\xe2\x80\x99s boarding pass until it receives the\n           appropriate BPPR from Secure Flight. When an aircraft operator receives an\n           inhibited status, it must ask the passenger to provide a verifying identity\n           document (VID) in person at the airport. A VID is an unexpired form of\n           government-issued identification displaying the individual\xe2\x80\x99s full name, photo,\n           and date of birth. An aircraft operator agent collects, verifies, and corrects,\n           when necessary, the SFPD in the system using the information from the VID.\n           After comparing the data, the agent updates the information as necessary and\n           sends an updated SFPD submission to Secure Flight for re-matching, which is\n           conducted in near real time. When the re-matching determines that the\n           passenger is not a match, a cleared BPPR is sent to the aircraft operator. When\n           the BPPR remains inhibited, the aircraft operator agent must call the SOC for\n           resolution.\n\nwww.oig.dhs.gov                                25                                       OIG-12-94\n\x0c                             OFFICE OF INSPECTOR GENERAL\n                                 Department of Homeland Security\n\n\n           CSAs at the SOC receive resolution calls and authenticate a caller by collecting\n           aircraft operator and airport codes. CSAs ask a series of questions to confirm\n           that the aircraft operator has requested a VID and submitted any updates to\n           Secure Flight. When the aircraft operator agent has not done so, CSAs explain\n           the VID process. When the VID process has been completed, CSAs may ask, in\n           coordination with SFAs, for additional information about the passenger,\n           including the passenger\xe2\x80\x99s driver\xe2\x80\x99s license or passport number or a physical\n           description.\n                                     CSAs enter this information into the Secure Flight User\n           Interface and send the records to SFAs for matching. \n\n\n           SFAs use the additional information to vet potential matches and transmit the \n\n           appropriate BPPR.\n\n\n           When a passenger appears to be a match to the No Fly or Do Not Board Lists, the\n           current inhibited status is retained.\n\n           For positive matches, the SFA then notifies a TSA OI analyst, who generates an\n           updated notification report and assists in resolution. TSA OI analysts have access\n           to additional databases beyond TIDE Online and TECS that SFAs do not access.\n           TSA OI analysts also work with the TSC to obtain a Final Identity Match\n           Determination.\n\n           Secure Flight Is Addressing Challenges, But Some Vulnerabilities Remain\n\n           Federal Government and private sector partners recognize Secure Flight\xe2\x80\x99s value\n           and have seen improvements since its initial implementation and cutover.\n           Secure Flight has worked to address new and existing challenges, though some\n           vulnerabilities remain.\n\n           The majority of aircraft operators we interviewed note a decrease in the average\n           resolution call time since Secure Flight\xe2\x80\x99s implementation. The average call\n           response time for FY 2011 was 7 seconds with most resolution calls lasting 2 to 8\n           minutes, but a CSA will stay on a call as long as necessary to resolve any issues.\n\n\n\nwww.oig.dhs.gov                                26                                      OIG-12-94\n\x0c                             OFFICE OF INSPECTOR GENERAL\n                                Department of Homeland Security\n\n\n           One frustration aircraft operators voiced, however, is that when a transmitted\n           BPPR is inhibited, they may spend 30 minutes or more on a resolution call, even\n           though the CSA says the passenger is cleared. For example, this may occur when\n           an original BPPR is initially marked inhibited but subsequently cleared, and then\n           the passenger changes to an earlier flight. In this example, the BPPR requires\n           revetting, during which the BPPR reverts to inhibited. Aircraft operator\n           representatives said this occurs more during irregular operations, such as\n           inclement weather events, when more passengers change flights. Some aircraft\n           operators have overridden these inhibited BPPRs and printed a cleared boarding\n           pass to keep passengers from missing flights.\n\n           Some aircraft operators we interviewed that experience this problem are told\n           that it occurs because the inhibited record is delayed in the Secure Flight User\n           Interface queue. Although Secure Flight officials said that this does not occur\n           often, these inhibited BPPRs should be handled through the high-priority queue\n           and therefore resolved quickly. In addition, an aircraft operator\xe2\x80\x99s ability to\n           override inhibited BPPRs raises concern that some inhibited passengers are not\n           being handled appropriately.\n\n           Recommendations\n\n           We recommend that the Director of the Secure Flight program:\n\n           Recommendation #1:\n\n           Identify how and when aircraft operators override an inhibited boarding pass\n           printing result and implement corrective action to eliminate unauthorized\n           overrides by aircraft operators.\n\n           Recommendation #2:\n\n           Ensure that aircraft operators prioritize Secure Flight passenger data\n           appropriately and receive an accurate, updated boarding pass printing result\n           when aircraft operators submit changes.\n\n\n\nwww.oig.dhs.gov                               27                                       OIG-12-94\n\x0c                             OFFICE OF INSPECTOR GENERAL\n                                 Department of Homeland Security\n\n\n           Management Comments and OIG Analysis\n\n           We evaluated TSA\xe2\x80\x99s written comments and have made changes to the report\n           where we deemed appropriate. A summary of TSA\xe2\x80\x99s written response to the\n           report recommendations and our analysis of the response follows each\n           recommendation. A copy of TSA\xe2\x80\x99s response, in its entirety, is included as\n           appendix C.\n\n           In addition, we received technical comments from TSA, CBP, and DHS\xe2\x80\x99 Office of\n           Policy, as well as the FBI, and incorporated these comments into the report\n           where appropriate. We also solicited comments from the FAA; however, the\n           FAA did not have any technical changes to the draft report. TSA concurred with\n           two recommendations and did not concur with two recommendations in the\n           report. We appreciate the comments and contributions made by each entity.\n\n           Management Response: TSA officials concurred with Recommendation 1. In its\n           response, TSA said that Secure Flight has always taken steps to identify how and\n           when aircraft operators inappropriately override boarding pass printing results.\n           When Secure Flight is able to identify cases of aircraft operators inappropriately\n           overriding results, TSA takes steps to ensure that screening is performed, and to\n           launch compliance investigations or responses. TSA said that it has been\n           performing these actions since Secure Flight\xe2\x80\x99s operational start-up on\n           January 27, 2009, and considers action complete on this recommendation.\n\n           OIG Analysis: We consider TSA\xe2\x80\x99s actions responsive to the intent of\n           Recommendation 1, which is resolved and open. This recommendation will\n           remain open pending the receipt of documentation demonstrating corrective\n           actions taken and planned to eliminate unauthorized overrides by aircraft\n           operators.\n\n           Management Response: TSA did not concur with Recommendation 2. In its\n           response, TSA said that Secure Flight has provided prioritization queues for the\n           aircraft operators\xe2\x80\x99 use since the inception of operations in 2009. It is, and has\n           been, the obligation of the aircraft operators to submit passenger data to the\n           appropriate (high or low) priority queue. This is, and has been, specified in\n\n\nwww.oig.dhs.gov                                28                                       OIG-12-94\n\x0c                             OFFICE OF INSPECTOR GENERAL\n                                 Department of Homeland Security\n\n\n           guidance documentation provided to aircraft operators and is tested and\n           operationally checked by Secure Flight.\n\n           TSA considers this to be an effective and efficient process to ensure the\n           prioritization of passenger data and that Secure Flight is providing accurate and\n           updated boarding pass printing results when aircraft operators submit changes\n           to Secure Flight.\n\n           OIG Analysis: Although TSA did not concur with this recommendation, we\n           consider the actions responsive to the intent of Recommendation 2, which is\n           resolved and open. While TSA has provided guidance to aircraft operators on\n           the submission of passenger data to the appropriate priority queue, issues were\n           reported to us concerning aircraft operators\xe2\x80\x99 prioritization of records and receipt\n           of accurate boarding pass printing instructions. This recommendation will\n           remain open pending our receipt of information evidencing Secure Flight\xe2\x80\x99s\n           collaboration with aircraft operators to (1) identify and remedy issues relating to\n           the submission of data to the appropriate priority queue, and (2) identify and\n           resolve inaccurate boarding pass printing results that aircraft operators receive\n           following submitted changes.\n\n           Inhibited Boarding Pass Records Are Monitored To Ensure Aircraft Operator\n           Compliance\n\n           Secure Flight does not know when an aircraft operator or passenger prints a\n           boarding pass. However, because the program conducts automated and manual\n           matching at least 24 hours prior to a flight\xe2\x80\x99s departure, SOC Watch Managers\n           track inhibited records to ensure that aircraft operators complete the resolution\n           process. To address this challenge, the SOC compiles a daily list of all the\n           scheduled inhibited passengers and their itinerary information. The Watch\n           Managers contact aircraft operators 30 to 45 minutes prior to flight departure\n           for a status update when a scheduled inhibited passenger has not been resolved.\n           When an inhibited passenger has incorrectly received a cleared boarding pass or\n           has otherwise gained access to the sterile area or an aircraft, the SOC\n\n\n\n\nwww.oig.dhs.gov                                29                                       OIG-12-94\n\x0c                             OFFICE OF INSPECTOR GENERAL\n                                 Department of Homeland Security\n\n\n\n\n                      has been successful and has not resulted in an increase in resolution\n           calls or unfavorable comments from aircraft operators.\n\n           Aircraft Operators Are Adapting to Secure Flight Processes, But Concerns Remain\n           Over the Accuracy of Passenger-Submitted Data\n\n           According to Secure Flight, the SOC receives an average of 114 calls daily and\n           manually reviews an average of 39,279 SFPDs each week. As more than 200\n           aircraft operators are cutover to Secure Flight and approximately 2 million\n           passengers fly each day, agents may not be handling inhibited passengers as\n           often, and the VID and resolution processes are different from pre-Secure Flight\n           aircraft operator operating procedures. In cutting over to Secure Flight, aircraft\n           operator personnel needed to learn new processes and terminology, and had to\n           adjust their systems to reflect these changes. In addition, more than 140\n           international aircraft operators are submitting SFPD information, and some\n           communications between agents and the SOC present challenges.\n\n\n\n                          For example, one aircraft operator noted\n\n\n\n\n                                                                                     This\n           was confirmed in various Secure Flight incident reports.\n\n\n\nwww.oig.dhs.gov                                30                                       OIG-12-94\n\x0c                                   OFFICE OF INSPECTOR GENERAL\n                                       Department of Homeland Security\n\n\n            Secure Flight Is One Aspect of TSA\xe2\x80\x99s Multilayered Security Approach\n\n            Although these vulnerabilities exist, TSA uses a multilayered approach to ensure\n            the overall security of the traveling public and the Nation\xe2\x80\x99s transportation\n            system (see figure 1). For example, Travel Document Checkers are specially\n            trained TSA Transportation Security Officers who verify boarding passes and\n            identification documents at airport checkpoints before allowing a traveler or\n            nontraveler access to an airport\xe2\x80\x99s sterile area. On aircraft, Federal Air Marshals28\n            and Federal Flight Deck Officers29 provide another security layer. In addition to\n            Secure Flight prescreening efforts, CBP\xe2\x80\x99s National Targeting Center\xe2\x80\x93Passenger\n            provides passenger vetting for international flights.\n\n\n\n                                                              These partners work together to serve the\n\n            larger mission of aviation security.\n\n            Figure 1 illustrates that an individual would have to overcome multiple security\n            layers, irrespective of the path used, to breach aviation security; paths are\n            represented by vertical dotted lines.\n\n\n\n\n   28\n      Federal Air Marshals blend in with passengers and rely on their training, including investigative\n   techniques, criminal terrorist behavior recognition, firearms proficiency, aircraft-specific tactics, and close\n   quarters self-defense measures, to protect the flying public.\n   29\n      Under this program, eligible flight crewmembers are authorized by TSA\xe2\x80\x99s Office of Law\n   Enforcement/Federal Air Marshal Service to use firearms to defend against an act of criminal violence or air\n   piracy attempting to gain control of an aircraft. A flight deck crewmember may be a pilot, flight engineer, or\n   navigator assigned to the flight.\n\nwww.oig.dhs.gov                                          31                                                OIG-12-94\n\x0c                                   OFFICE OF INSPECTOR GENERAL\n                                       Department of Homeland Security\n\n              Figure 1: TSA Multilayered Security Approach 30\n\n\n\n\n              Source: TSA.\n\n\n   30\n        Visible Intermodal Prevention and Response (VIPR) teams augment security at key transportation\n\nwww.oig.dhs.gov                                        32                                                OIG-12-94\n\x0c                                 OFFICE OF INSPECTOR GENERAL\n                                     Department of Homeland Security\n\n\n           Although SOC Personnel Use Discretion When Reporting Incidents, No Formal\n           Compliance Standards Exist\n\n           Secure Flight officials monitor aircraft operator SFPD submissions for quality and\n           compliance, and recommend corrective action when necessary. Most\n           compliance issues are discovered by SOC personnel during daily operations with\n           regular monitoring of inhibited passenger BPPR and personnel reporting\n           abnormalities. \n\n\n\n\n           When aircraft operator issues occur, Watch Managers determine whether to\n           compile a compliance package and forward it for review and investigation.\n           Watch Managers use the Secure Flight final rule and the Consolidated User\n           Guide as guidelines in making these determinations. The Consolidated User\n           Guide provides technical and operational guidance and requirements to comply\n           with the Advance Passenger Information System Pre-Departure final rule and the\n           Secure Flight final rule, respectively.\n\n           According to Secure Flight officials, although Watch Managers have no written\n           guidance concerning compliance issues, managers know what is expected of\n           aircraft operators. When Watch Managers suspect a compliance issue, they\n           collect all relevant documentation, such as call logs and Secure Flight User\n           Interface screenshots, and forward the information via email to the Secure\n           Flight\xe2\x80\x99s Industry Performance and Analysis Compliance Group. As of October\n           2011, the SOC was updating its notification process with automated forms.\n\n           The Industry Performance and Analysis Compliance Group analyzes the potential\n           compliance issue and forwards the results to TSA\xe2\x80\x99s Offices of Security Operations\n           or Global Strategies. These two entities then determine whether to initiate an\n           investigation. The Industry Performance and Analysis Compliance Group\n\n\n\n   facilities in urban areas around the country. Teams work with local security and law enforcement officials\n   to supplement existing resources, provide deterrent presence and detection capabilities, and introduce an\n   element of unpredictably to disrupt potential terrorist planning activities.\n\nwww.oig.dhs.gov                                       33                                              OIG-12-94\n\x0c                             OFFICE OF INSPECTOR GENERAL\n                                 Department of Homeland Security\n\n\n           monitors the investigations and compiles a report that provides an update on\n           closed investigations to the SOC.\n\n           The Office of Security Operations\xe2\x80\x99 Compliance Programs conducts investigations\n           for both domestic aircraft operators and foreign air carriers at domestic\n           locations. When Compliance Programs receives a specific incident report, it\n           conducts a preliminary investigation to determine whether to initiate a full\n           investigation. When the investigation results in a compliance violation,\n           Compliance Programs mails a letter of investigation requiring the aircraft\n           operator to devise and offer a corrective action plan. Domestic aircraft\n           operators have 20 days to respond to the letter, and foreign air carriers have 30\n           days to respond. The Office of Security Operations also conducts Special\n           Emphasis Inspections to determine compliance. These are routine tests in which\n\n                        the No Fly and Selectee Lists.\n\n           Compliance Programs uses a progressive enforcement method as defined in its\n           Inspection and Enforcement Manual. Penalties usually begin with a letter of\n           warning or administrative action, followed by fines, which are capped at\n           $27,500. Once the compliance investigation is finished, recommendations are\n           entered into a compliance system, which is accessed by TSA\xe2\x80\x99s Office of Chief\n           Counsel. The Office of Chief Counsel gives the aircraft operators the opportunity\n           to pay immediately, have an informal conference, or defer the action to an\n           Administrative Law Judge.\n\n           The Office of Global Strategies deals strictly with aircraft operators overseas and\n           foreign governments. Its authority includes international flights that depart for\n           the United States and international flights that transit and overfly U.S. airspace.\n           The compliance process begins when the Office of Global Strategies receives a\n           compliance package from Secure Flight concerning a possible aircraft operator\n           violation. The results are forwarded to the responsible Regional Operations\n           Center within the Office of Global Strategies\xe2\x80\x99 Global Compliance Division, which\n           conducts the investigation. Additionally, an International Industry\n           Representative within the Office of Global Policy and Engagement conducts\n           outreach to the aircraft operators and requests more information on what\n           occurred. These results are also forwarded to the Global Compliance Division.\n\nwww.oig.dhs.gov                                34                                        OIG-12-94\n\x0c                             OFFICE OF INSPECTOR GENERAL\n                                 Department of Homeland Security\n\n\n           Office of Global Strategies officials said that the number of compliance packages\n           has decreased as aircraft operators become more comfortable with the Secure\n           Flight system and processes.\n\n           Although compliance issues have declined since aircraft operators cutover,\n           Secure Flight needs defined thresholds when making compliance\n           determinations. Without defined compliance thresholds, it is difficult to ensure\n           that Secure Flight identifies and forwards all appropriate compliance issues.\n\n           Recommendation\n\n           We recommend that the Director of the Secure Flight program, in coordination\n           with the Office of Security Operations Compliance Programs and Office of Global\n           Strategies:\n\n           Recommendation #3:\n\n           Establish formal guidance that clearly defines Secure Flight program processes\n           for reporting aircraft operator compliance issues to the Office of Security\n           Operations and Office of Global Strategies.\n\n           Management Comments and OIG Analysis\n\n           Management Comments: TSA officials concurred with Recommendation 3. In\n           its response, TSA said that Secure Flight has processes in place for reporting\n           potential compliance issues to the TSA Office of Security Operations and Office\n           of Global Strategies. In December 2011, Secure Flight organized a meeting with\n           these offices to discuss how best to coordinate compliance issues and share\n           information that is mutually beneficial to all three offices. TSA said that Secure\n           Flight is currently working to schedule follow-up meetings with both offices in\n           the near future to formalize the process.\n\n           OIG Analysis: We consider TSA\xe2\x80\x99s actions responsive to the intent of\n           Recommendation 3, which is resolved and open. The recommendation will\n           remain open pending our receipt of formalized standard operating procedures\n\n\nwww.oig.dhs.gov                                35                                       OIG-12-94\n\x0c                              OFFICE OF INSPECTOR GENERAL\n                                 Department of Homeland Security\n\n\n           that establish clear processes for when and how to report aircraft operator\n           compliance issues.\n\n           Secure Flight Relies on the Availability of the DHS Router, But Some Disruptions\n           Occur\n\n           Because Secure Flight program operations are transactional, it is imperative that\n           aircraft operators, the DHS Router, and Secure Flight maintain connectivity.\n           Secure Flight alerts aircraft operators of upcoming routine maintenance and\n           provides specific instructions for reporting any disruptions or connectivity issues.\n           During disruptions, aircraft operators continue to operate by using one of six\n           alternative options approved by Secure Flight. The frequency, duration, and\n           monitoring of DHS Router disruptions are important to understanding potential\n           vulnerabilities to the Federal Government\xe2\x80\x99s watch list matching efforts.\n\n           Secure Flight Notifies Aircraft Operators of System Maintenance\n\n           When CBP OIT conducts routine maintenance on the DHS router, CBP officials\n           alert Secure Flight, which in turn informs aircraft operators. Secure Flight also\n           notifies aircraft operators when it schedules maintenance to the automated\n           matching system or to the Secure Flight test environment. These notifications\n           provide aircraft operators with situational awareness in case any difficulties\n           arise.\n\n           During Disruptions, TSA and CBP Work To Identify the Source\n\n           When disruptions occur, aircraft operators are typically the first to notice and\n           initiate a reporting sequence as required in the Consolidated User Guide. Each\n           aircraft operator has a designated point of contact who is instructed to call the\n           SOC immediately after noticing a disruption in service, regardless of its source.\n           Upon receiving a disruption call, a CSA documents the problem and notifies the\n           Watch Manager. The Watch Manager initiates a service disruption procedure\n           and conference call with TSA\xe2\x80\x99s Operations Support Desk to assess the situation.\n           The Operations Support Desk opens a bridge call with CBP\xe2\x80\x99s OIT Technology\n           Service Desk to start the troubleshooting process.\n\n\nwww.oig.dhs.gov                                 36                                       OIG-12-94\n\x0c                             OFFICE OF INSPECTOR GENERAL\n                                 Department of Homeland Security\n\n\n           During the conference call, operational support staff assesses the situation to\n           identify the problem and determine the effect of the disruption. Generally,\n           there are\n\n                                                                     Once the disruption and\n           effect have been identified, a severity level is established and communicated to\n           the Watch Manager. At that time, the Watch Manager sends a disruption\n           notification email to provide regular updates to various TSA officials and an\n           Initial Warning Order of the service disruption to affected aircraft operators. The\n           Watch Manager also authorizes the affected aircraft operators to use\n           alternate service disruption options.\n\n   Aircraft Operators Have Watch List Matching Alternatives During System Disruptions\n\n           During any type of disruption that prevents aircraft operators from receiving\n           Secure Flight BPPR, aircraft operators have    alternatives to continue\n           operations, described in the\n\n\n\n\nwww.oig.dhs.gov                                37                                       OIG-12-94\n\x0c                              OFFICE OF INSPECTOR GENERAL\n                                  Department of Homeland Security\n\n\n\n                                                                                    which can \n\n           only be accessed by authorized aircraft operator personnel.\n\n\n           Although these options are available to aircraft operators, several airline\n           industry partners we spoke with said that aircraft\n                                         Some officials at DHS, TSA, and the TSC discussed\n\n                              However, aircraft operators currently use the watch list to\n\n\n\n\n                                                Secure Flight officials explained, however, \n\n           that as a result of the TSA and CBP Chief Information Officers\xe2\x80\x99 efforts to prioritize \n\n           the resolution                                               the relationship \n\n           between the two components has improved. Both components worked\n           together to develop a formal procedure to isolate and resolve disruptions, and\n           keep all parties informed of disruption status. Additionally, CBP OIT and Secure\n           Flight have weekly management and technical meetings, and both appear\n           satisfied with continuing communication improvements.\n\n           Monitoring the DHS Router Consistently Appears Problematic\n\n\n\n\nwww.oig.dhs.gov                                 38                                         OIG-12-94\n\x0c                             OFFICE OF INSPECTOR GENERAL\n                                Department of Homeland Security\n\n\n\n\n           The data provided by Secure Flight and CBP OIT indicate\n\n\n                                                                      For example, between\n           January 1 and July 31, 2011, CBP OIT reported\xe2\x80\x94\n\n                  \xe2\x80\xa2\n\n\n\n\n           Secure Flight, however, reported\n\n\n\n\n                                                        Due to the essential nature of\n           information received and transmitted by the DHS Router, our office may review\n           these issues at a later date.\n\n           Secure Flight Has Full Site Redundancy and Conducts System Testing To Ensure\n           Availability\n\n           To reduce possible disruptions and ensure availability, TTAC Technology\n           conducts Secure Flight system and regression testing and monitors the system\n\nwww.oig.dhs.gov                               39                                     OIG-12-94\n\x0c                             OFFICE OF INSPECTOR GENERAL\n                                Department of Homeland Security\n\n\n           continuously. Secure Flight program officials also conduct routine tests on\n           aircraft operators to confirm receipt of SFPD when system changes occur.\n           Secure Flight has redundant systems and sites, which allow passenger information\n           matching to continue should one site or system experience a disruption.\n\n           TTAC Technology Conducts System Testing\n\n           Before new releases or updates to the Secure Flight system are implemented,\n           TTAC Technology conducts performance and regression testing in a simulated\n           environment to ensure appropriate functionality. TTAC Technology applies a\n           new system release to the test environment system to determine whether the\n           release causes any errors or unnecessarily slows the system. TTAC Technology\n           conducts these tests again once the release has been fully implemented to the\n           automated matching system to verify that there are no adverse system effects\n           that were not present in the test environment. These tests also check the\n           system\xe2\x80\x99s capacity to manage high-volume periods and high-priority response\n           times. TTAC Technology monitors the system, including automatic linkages,\n           interfaces, and network connectivity to the DHS Router, and alerts relevant\n           parties when there are issues with aircraft operator connections.\n\n           Although TTAC Technology is responsible for ensuring system availability, Secure\n           Flight\xe2\x80\x99s Industry Performance and Analysis office conducts routine Production\n           Validation Testing of aircraft operator SFPD submissions. This replicates some of\n           the testing Industry Performance and Analysis uses to test aircraft operators\n           during cutover. Replication, however, validates that, despite changes to Secure\n           Flight\xe2\x80\x99s system and possible changes to the aircraft operator systems, Secure\n           Flight is receiving data properly and receiving complete SFPD during\n           transmissions.\n\n           Secure Flight Has Site and System Redundancy\n\n           In addition to TTAC Technology and Secure Flight program testing, Secure Flight\n           operations were designed to be redundant, and to reduce the likelihood and\n           duration of outages. This includes two fully redundant SOC sites and systems in\n           geographically dispersed locations: Annapolis Junction, MD, and Colorado\n           Springs, CO. Both operation centers have full-time personnel and servers that\n\nwww.oig.dhs.gov                               40                                       OIG-12-94\n\x0c                              OFFICE OF INSPECTOR GENERAL\n                                 Department of Homeland Security\n\n\n           run simultaneously every day. Each site can handle full operations should the\n           other site experience difficulties. This redundancy helps to ensure that at least\n           one server is running continuously. If there is a disruption, either location\n           handles all resolution calls and SFPD information vetting.\n\n           In addition, Secure Flight has a continuity of operations plan and a continuity\n           manager. During our fieldwork, continuity training was being developed and the\n           continuity of operations plan was being expanded. The redundancy of Secure\n           Flight\xe2\x80\x99s systems and sites was tested on August 23, 2011, when a 5.8 magnitude\n           earthquake affected Government operations throughout the east coast. As the\n           Maryland center was evacuated, continuity officers alerted the Colorado center\n           regarding the disruption. SOC and program officials confirmed that the\n           automatic switching or failover to the Colorado site was executed according to\n           the continuity of operations plan. The failover did not stress operations. During\n           this time, additional analysts were placed on standby at the Colorado site in case\n           building inspectors were unable to clear the Maryland site for operations within\n           24 hours. The Maryland site remained closed from approximately 2:00 p.m. to\n           11:30 p.m., and Secure Flight officials said that no disruption to passenger\n           screening occurred.\n\n           Secure Flight Has Developed Safeguards To Protect Personal Data and Watch\n           List Records\n\n           Secure Flight has developed procedures to ensure that passengers are aware of\n           information requirements and how to obtain additional information regarding\n           the collection and use of this data. Secure Flight has a privacy program that\n           adheres to Government standards and ensures that personnel are adequately\n           trained.\n\n           Secure Flight Receives Minimal Personal Data and Limits External Requests\n\n           Secure Flight receives the minimal passenger personal data required to conduct\n           effective passenger matching against the No Fly List, Selectee List, and other\n           lists. TSA also requires aircraft operators to provide a specified privacy notice on\n           their websites or self-service kiosks prior to collecting passenger or nontraveler\n           information. This privacy notice informs passengers of the data required to\n\nwww.oig.dhs.gov                                 41                                       OIG-12-94\n\x0c                             OFFICE OF INSPECTOR GENERAL\n                                 Department of Homeland Security\n\n\n           enter the boarding area and that this information may be shared with law\n           enforcement, intelligence agencies, or others under its System of Records\n           Notice. It refers passengers to the published System of Records Notice and\n           Privacy Impact Assessment. The System of Records Notice specifies the\n           circumstances under which Secure Flight records or information may be shared,\n           for what purposes, and with whom. The Privacy Impact Assessment is used to\n           identify and mitigate privacy risks of collecting, maintaining, and disseminating\n           Secure Flight information. Aircraft operators must also ensure that third-party\n           reservation websites provide this privacy notice prior to collecting passenger\n           information.\n\n           According to DHS officials, Secure Flight also limits personal data and information\n           requests from external agencies and limits requests to those related to terrorism\n           and national transportation security. When an external request is received, it\n           must be reviewed by the TSA Office of Chief Counsel and TSA Office of Privacy.\n           The Privacy Impact Assessment helps the public understand what personal data\n           are being collected, why they are being collected, and how they will be used.\n           TSA\xe2\x80\x99s Privacy Office recently formalized the annual review of the Privacy Impact\n           Assessment, which includes determining whether the program is still operating\n           in accordance with the published Privacy Impact Assessment or whether the\n           assessment requires updating. In August 2011, Secure Flight updated its Privacy\n           Impact Assessment to address new initiatives, such as Known Traveler. The\n           Known Traveler initiative aims to identify low-risk passengers and expedite their\n           screening process.\n\n           Secure Flight Has a Privacy Program To Protect Passenger Data and Provides\n           Additional Privacy Training To Secure Flight Personnel\n\n           In addition to these public notices, Secure Flight has developed and\n           implemented a comprehensive privacy program to protect SFPD personally\n           identifiable information provided by aircraft operators. According to the Secure\n           Flight Concept of Operations, the privacy program meets all privacy standards\n           set forth by the U.S. Government, aligns with TSA privacy principles, complies\n           with industry best practices, and provides a defined redress process. The TSA\n           Privacy Office has a Privacy Officer colocated with Secure Flight to ensure that\n\n\nwww.oig.dhs.gov                                42                                       OIG-12-94\n\x0c                             OFFICE OF INSPECTOR GENERAL\n                                 Department of Homeland Security\n\n\n           privacy is addressed in all aspects of the program, from developing initiatives to\n           releasing system updates.\n\n           Secure Flight ensures that employees receive privacy training required of all TSA\n           employees as well as additional and recurrent Secure Flight privacy training. To\n           manage personally identifiable information and sensitive watch list data, Secure\n           Flight restricts physical access to the SOC and has user-controlled system access,\n           which is based on what each person needs to know to perform his or her duties.\n           Documents containing personal data or sensitive information are password\n           protected when sent via email. To prevent the disclosure of personal data to\n           unauthorized users, Secure Flight has an authentication process for eSecure\n           Flight users and for aircraft operators placing resolution calls. The Secure Flight\n           Privacy Officer conducts privacy compliance audits and an ad hoc review of\n           passenger information entered into the Secure Flight User Interface. Any issues\n           are reported to TSA\xe2\x80\x99s Privacy Office.\n\n           Secure Flight also follows privacy standards for retaining personally identifiable\n           information and regularly purges privacy data. For example, as approved by the\n           National Archives and Records Administration, the Secure Flight records\n           retention schedule provides for a retention period of 7 days for individuals who\n           are not a match to the Government watch list, 7 years for individuals who are a\n           potential match, and 99 years for individuals who are a confirmed match. The\n           Secure Flight Privacy Officer also conducts weekly purge compliance spot checks.\n\n           Secure Flight Should Prioritize Its Mission, While Developing and Implementing\n           Initiatives\n\n           Although Secure Flight has been screening domestic and international\n           commercial aircraft operator passengers for around 1 year, the program has\n           taken on or participated in developing a series of new initiatives: WLS,\n           overflights, risk-based security, barcode encryption on boarding passes, and a\n           Joint Analysis Center. DHS Offices of Privacy and for Civil Rights and Civil\n           Liberties are consulted during initiative development, as appropriate. While\n           these initiatives may help to improve the efficiency and effectiveness of\n           passenger prescreening, it is prudent for Secure Flight to prioritize and focus on\n           its mission and mandate.\n\nwww.oig.dhs.gov                                43                                        OIG-12-94\n\x0c                             OFFICE OF INSPECTOR GENERAL\n                                Department of Homeland Security\n\n\n           Watch List Service Changes Will Enhance Secure Flight Processes, But Delays\n           Exist\n\n           During our fieldwork, Secure Flight was receiving daily updates from the TSDB,\n           with urgent updates as necessary. Secure Flight began implementing a change,\n           which will serve as an improved method of transmitting data from the TSC to\n           Secure Flight. Secure Flight will now connect to CBP to access the WLS, a near\n           real-time export of the TSDB, which will eliminate the need for a daily export to\n           the SOC. When the TSC adds, modifies, or deletes data from the TSDB, the WLS\n           export of the TSDB will be automatically synchronized. This change is expected\n           to result in a more timely and accurate match review process, which is essential\n           to Secure Flight\xe2\x80\x99s operational effectiveness. Although the final WLS rollout was\n           expected by spring 2011, Secure Flight delayed implementation to complete\n           testing the Known Traveler program. At the end of our fieldwork, DHS officials\n           estimated that the WLS changeover would be implemented in the first quarter of\n           2012.\n\n           Secure Flight Has Developed Guidelines for Overflight Implementation\n\n           The Secure Flight final rule covers aircraft operators overflying the continental\n           United States, excluding some domestic flights within Canada and Mexico that\n           transit U.S. airspace. A flight not required to submit SFPD, for example, would\n           include a flight from Montreal, Canada, to Halifax, Canada, although a portion of\n           this flight transits U.S. airspace. During overflight requirements development,\n           implementation was deferred, but a pilot test occurred on May 26, 2011, with an\n           Air France flight from Paris, France, to Mexico City, Mexico. The draft overflight\n           requirements were submitted to foreign air carriers for review and comment,\n           and the Office of Global Strategies and Secure Flight received responses from\n           August 15 to September 30, 2011. Subsequent to the completion of our\n           fieldwork, TSA officials notified us that the comments have been reviewed and\n           addressed, and the requirements approved by the TSA Administrator. The final\n           Model Security Program was published on February 8, 2012, and foreign air\n           carriers had until March 8, 2012, to comply.\n\n           To prevent confusion on what flights are considered overflights, Secure Flight\n           officials obtained data from the FAA concerning flight routes that transit\n\nwww.oig.dhs.gov                                44                                      OIG-12-94\n\x0c                             OFFICE OF INSPECTOR GENERAL\n                                 Department of Homeland Security\n\n\n           continental U.S. airspace or come within 12 nautical miles of the U.S. coastline.\n           From this information, Secure Flight developed a list of airport pairs or\n           combinations of departure and arrival airports. Flights between these airports\n           will be considered overflights, requiring aircraft operators to submit SFPD\n           information. A Secure Flight official said that airport pairs will need to be\n           reviewed on a continuous basis as new flight patterns are added. In addition,\n           Secure Flight officials estimate that the airport pair configuration would add\n           approximately 78,000 flights per year and 20,000 passengers per day. As the\n           Secure Flight program currently vets more than 2 million passengers per day, the\n           additional overflight passengers are not expected to stress the system or\n           analysts\xe2\x80\x99 ability to perform SFPD information prescreening against the watch list.\n\n           Implementation of overflight screening will also include procedural differences.\n           For example, Secure Flight will neither inhibit nor provide foreign aircraft\n           operators with notifications of passenger matches to the Do Not Board List.\n           Further, Secure Flight can only recommend additional screening for passenger\n           matches to the Selectee List, and foreign aircraft operators may board No Fly List\n           passenger matches, but these flights must be diverted from U.S. airspace.\n           During our fieldwork, Secure Flight was developing a standard operating\n           procedure for reporting these instances to the FAA and TSA.\n\n           Secure Flight Is Integrating a Risk-Based Security Approach\n\n           TSA has also started developing a multi-phased risk-based security initiative in\n           which Secure Flight will be a key facilitator of these initiatives. The concept of\n           risk-based security is to develop and designate an appropriate screening level\n           based on varying passenger risks. The first phase of the risk-based security\n           initiative is the Known Traveler pilot, publicly referred to as Pre\xe2\x80\xab\xe2\x84\xa2\xdc\x82\xe2\x80\xac. While\n           Known Traveler helps identify low-risk passengers, TSA OI and Secure Flight are\n           beginning to develop a second phase of risk-based security, which will identify a\n           new category of high-risk passengers to receive additional screening.\n\n           Known Traveler passengers could be allowed to process through airport security\n           without removing their shoes or laptop computers from their carry bags. Secure\n           Flight combined elements of CBP\xe2\x80\x99s Global Entry program and worked with Delta\n           Airlines and American Airlines to identify low-risk passengers participating in\n\nwww.oig.dhs.gov                                45                                       OIG-12-94\n\x0c                                  OFFICE OF INSPECTOR GENERAL\n                                      Department of Homeland Security\n\n\n           frequent flier programs, as well as participants in similar CBP programs for low-\n           risk travelers to receive expedited border screening. 32\n\n           As Known Traveler passengers are vetted, those meeting established criteria\n           receive a designation in their SFPD. When Known Traveler passengers fly, their\n           SFPD is still vetted through the Secure Flight system for watch list matching.\n           When cleared through the automated matching system, their trusted traveler\n           status is encoded into a barcode, which is decoded with special boarding pass\n           scanners that Transportation Security Officers use at security checkpoints.\n           Private industry partners have voiced support for the Known Traveler pilot,\n           which screened 40,000 passengers in October 2011 and is expanding.\n\n           TSA Is Developing Special Boarding Pass Scanners To Address Vulnerabilities\n\n           Federal Government and private industry partners raised concerns that\n           passengers can submit false data and present false credentials or identity\n           documents to gain access to aircraft or sterile areas. To address this concern,\n           TSA and Secure Flight are developing technology to use boarding pass scanners\n           to help authenticate identity documents to ensure that all SFPD information\n           matches the information on an individual\xe2\x80\x99s identity document. This effort is\n           called the Credential Authentication Technology \xe2\x80\x93 Boarding Pass Scanning\n           Systems Initiative.\n\n           Some of this technology is currently being used as part of the Pre\xe2\x80\xab \xe2\x84\xa2\xdc\x82\xe2\x80\xacpilot. For\n           the Credential Authentication Technology \xe2\x80\x93 Boarding Pass Scanning Systems\n           Initiative, TSA and Secure Flight are working to add an encrypted data block,\n           which would include a passenger\xe2\x80\x99s name, date of birth, gender, screening status,\n           itinerary, and a date stamp. Secure Flight plans to send an encrypted code to the\n           aircraft operator to insert, but not interpret, on the boarding pass. Transportation\n           Security Officers will use boarding pass scanners to verify the authenticity of the\n           identification, while also verifying that the identification information matches\n   32\n      Global Entry, intended for frequent international travelers, allows expedited clearance for preapproved,\n   low-risk travelers upon arrival in the United States. Program participants proceed to Global Entry kiosks\n   at airports, present their machine-readable passport or U.S. permanent resident card, place their\n   fingertips on the scanner for fingerprint verification, and make a customs declaration. All applicants\n   undergo a rigorous background check and interview before enrollment.\n\nwww.oig.dhs.gov                                        46                                              OIG-12-94\n\x0c                             OFFICE OF INSPECTOR GENERAL\n                                 Department of Homeland Security\n\n\n           passenger-submitted SFPD. Existing boarding pass scanners from Pre\xe2\x80\xab \xe2\x84\xa2\xdc\x82\xe2\x80\xacwill\n           need to be modified to decrypt the data block at the checkpoints. Secure Flight\n           estimates that this capability will be ready to pilot by April 2012.\n\n           Communication Difficulties Exist in the Development and Implementation of\n           New Initiatives\n\n           Although Federal Government and private industry partners have acknowledged\n           that the Known Traveler pilot results are successful, collaboration and\n           communication difficulties have persisted throughout this and other Secure\n           Flight initiatives.\n\n           Private industry officials note that communication between TSA and aircraft\n           operators could be clearer and timelier during the planning stages. Confusion\n           among Secure Flight, TTAC, and private industry officials persists because of the\n           inconsistent program naming. For example, the Pre\xe2\x80\xab \xe2\x84\xa2\xdc\x82\xe2\x80\xacprogram was referred to\n           as Known Traveler and Trusted Traveler before it was publicly renamed Pre\xe2\x80\xab\xe2\x84\xa2\xdc\x82\xe2\x80\xac\n           just days before the pilot started. Although this program leverages elements and\n           screening eligibility determinations from several CBP programs, the DHS\n           Screening Coordination Office was not involved in planning or coordinating the\n           program\xe2\x80\x99s rollout.\n\n           Although Secure Flight has received data from the FAA, it has not worked with\n           the FAA to develop the list of airport pairs used to determine overflights. As\n           Secure Flight must rely on the FAA to help monitor overflight diversions, as well\n           as to continue reviewing airport pair determinations as new routes are added,\n           developing a working relationship would be beneficial to both entities. In its\n           written response to the draft report, TSA said that Secure Flight and the FAA\n           have had an established working relationship for overflights requirements since\n           2007. However, interviews with FAA officials during our review indicate that the\n           FAA did not perceive the relationship as collaborative. The FAA was also\n           afforded an opportunity to review and clarify language in the draft report, and\n           did not suggest any changes.\n\n           Secure Flight is also piloting and implementing a general aviation prescreening\n           initiative. This initiative has been called General Aviation and the Twelve-Five\n\nwww.oig.dhs.gov                                47                                       OIG-12-94\n\x0c                                    OFFICE OF INSPECTOR GENERAL\n                                        Department of Homeland Security\n\n\n              program interchangeably by Secure Flight officials. A Secure Flight official\n              identified these aircraft as \xe2\x80\x9cunscheduled and/or private charters weighing\n              12,500 pounds.\xe2\x80\x9d However, the updated Secure Flight Privacy Impact Assessment\n              allows operators and lessors of \xe2\x80\x9cTwelve-Five aircraft\xe2\x80\x9d to use Secure Flight. These\n              operators and lessors are described as \xe2\x80\x9ccharter operators and lessors of aircraft\n              with a maximum takeoff weight in excess of 12,500 pounds, and scheduled\n              aircraft operators under 49 CFR 1544.101(d).\xe2\x80\x9d 33 Furthermore, FAA officials\n              confirmed that pilots understand general aviation to specifically refer to\n              unscheduled, non-hirable flights. FAA officials also said that referring\n              interchangeably to the initiative as the General Aviation and Twelve-Five\n              program would be confusing to aircraft operators, who understand this\n              terminology to mean something different.\n\n              Recommendation\n\n              We recommend that the Administrator of the Transportation Security\n              Administration, in coordination with the Secure Flight program:\n\n              Recommendation #4:\n\n              Develop a communication strategy to formalize coordination and collaboration\n              with Federal Government and private industry partners to ensure clarity when\n              developing and implementing new initiatives.\n\n              Management Comments and OIG Analysis\n\n              Management Comments: TSA officials did not concur with Recommendation 4.\n              In its response, TSA said that it has already developed and implemented a\n              comprehensive communication strategy to formalize coordination and\n              collaboration with Federal Government and private industry partners to ensure\n              clarity when developing and implementing new initiatives. Additionally, Secure\n              Flight already develops and maintains stakeholder assessments for its specific\n              initiatives, hosts semi-annual aviation industry conferences, and disseminates\n              informational Secure Flight Updates to aircraft operators to ensure that\n\n   33\n        Privacy Impact Assessment Update for Secure Flight, August 15, 2011, p. 2.\n\nwww.oig.dhs.gov                                          48                               OIG-12-94\n\x0c                             OFFICE OF INSPECTOR GENERAL\n                                 Department of Homeland Security\n\n\n           consistent and reliable messaging is provided to Secure Flight stakeholders.\n           Therefore, with respect to Secure Flight, TSA considers action for this\n           recommendation complete.\n\n           TSA noted that this recommendation is based on findings cited in the report\n           regarding initiatives (i.e., Known Traveler, TSA Pre\xe2\x80\xab )\xe2\x84\xa2\xdc\x82\xe2\x80\xacthat are TSA-wide\n           initiatives under Risk-Based Security. Each of the pilot programs has a tailored\n           communications strategy that evolves depending upon the results of the pilot\n           program and decisions on system-wide implementation.\n\n           OIG Analysis: Although TSA did not concur with this recommendation, we\n           consider the actions responsive to the intent of Recommendation 4, which is\n           resolved and open. The recommendation will remain open pending our receipt\n           of TSA\xe2\x80\x99s communication strategy with Federal Government partners and private\n           industry partners. To address the intent of this recommendation, the\n           communication strategy should include communication activities that foster a\n           collaborative working relationship with Federal Government and private industry\n           partners. The strategy should also outline general roles and responsibilities for\n           Secure Flight when the program communicates directly with Federal\n           Government and private industry partners about new initiatives.\n\n           The Joint Analysis Center Further Examines Secure Flight Data To Identify\n           Trends and Patterns\n\n           In addition to Secure Flight\xe2\x80\x99s efforts to improve the efficiency and effectiveness\n           of passenger prescreening, TSA, in conjunction with Secure Flight, has developed\n           the Joint Analysis Center. This center is colocated within the SOC and uses\n           encounter match data to perform broader aviation security analysis. Analysts\n           located at Secure Flight work jointly with TTAC and TSA OI analysts to use\n           passenger vetting results from Secure Flight and other programs to identify\n           trends and patterns in aviation security.\n\n           For example, trends and patterns might include which aircraft operators or\n           specific flights have the most Selectee List matches, or whether an individual on\n           the Selectee List departs from a particular airport or consistently travels with\n           other individuals who are a match to the watch list. This information is shared\n\nwww.oig.dhs.gov                                49                                         OIG-12-94\n\x0c                              OFFICE OF INSPECTOR GENERAL\n                                  Department of Homeland Security\n\n\n           with other Federal Government partners and may be used to inform tactical\n           decisions. As an example, when the Joint Analysis Center determines that a\n           large number of Selectees routinely fly into or out of a particular airport, it will\n           present the data to TSA leadership to drive operational decisions.\n\n           Conclusion\n\n           Public and private partners recognize the Secure Flight program\xe2\x80\x99s value, as it has\n           provided more consistent passenger prescreening.\n\n\n                  it has a defined system and processes to conduct watch list matching. To \n\n           ensure that aircraft operators follow established procedures, the SOC monitors\n           records and forwards issues for compliance investigation. However, this process\n           is not standardized, and program officials send compliance packages using their\n           discretion. Once Secure Flight successfully cutover aircraft operators, the\n           program focus shifted toward addressing emerging threats through multiple\n           initiatives. To develop and implement these initiatives effectively, Secure Flight\n           must enhance its relationship and communication efforts with public and private\n           partners.\n\n\n\n\nwww.oig.dhs.gov                                  50                                         OIG-12-94\n\x0c                            OFFICE OF INSPECTOR GENERAL\n                                Department of Homeland Security\n\n\n   Appendix A\n   Objectives, Scope, and Methodology\n   The Department of Homeland Security (DHS) Office of Inspector General (OIG) was\n   established by the Homeland Security Act of 2002 (Public Law 107-296) by amendment\n   to the Inspector General Act of 1978. This is one of a series of audit, inspection, and\n   special reports prepared as part of our oversight responsibilities to promote economy,\n   efficiency, and effectiveness within the Department.\n\n   We reviewed the implementation and coordination of TSA\xe2\x80\x99s Secure Flight program. Our\n   objectives were to determine (1) whether the program is screening all appropriate\n   persons; (2) whether processes and standards for aircraft operators to submit SFPD\n   information and receive BPPR instructions are timely and effective; (3) how the\n   program\xe2\x80\x99s screening processes are tested for accuracy, prioritization, and timeliness\n   during high-volume periods; and (4) how Secure Flight is protecting varying layers of\n   personally identifiable and sensitive watch list information.\n\n   We reviewed the communication processes and capabilities between the Secure Flight\n   program and aircraft operators and other relevant Government partners. We examined\n   directives, policies, and procedures relating to these processes and their intended\n   purpose. In addition, we reviewed relevant memorandums of agreement and\n   understanding between TSA and its Government partners with a role in prescreening\n   international and domestic passengers against the Federal Government\xe2\x80\x99s terrorist watch\n   list.\n\n   We interviewed TSA officials from the following offices: Secure Flight program and\n   operations, TTAC, OI, DHS TRIP, Office of Privacy, Transportation Sector Network\n   Management, Office of Global Strategies, and Office of Security Operations. In addition,\n   we met with officials from the DHS Office for Civil Rights and Civil Liberties, CBP, DHS\n   Screening Coordination Office, the FAA, and the FBI. Further, we engaged airline\n   industry associations and aircraft operators. This allowed us to assess the effectiveness\n   of Secure Flight\xe2\x80\x99s efforts, as well as the level of communication and collaboration\n   between Secure Flight and its Federal Government and private sector partners in the\n   passenger prescreening process.\n\n\n\nwww.oig.dhs.gov                               51                                      OIG-12-94\n\x0c                            OFFICE OF INSPECTOR GENERAL\n                               Department of Homeland Security\n\n\n   We also reviewed applicable legislation, regulations, directives, policies, operating\n   procedures, and official guidance documents and manuals. In addition, we studied work\n   previously performed by our office in this and associated areas, as well as the work\n   conducted by the Government Accountability Office.\n\n   We conducted this review under the authority of the Inspector General Act of 1978, as\n   amended, and according to the Quality Standards for Inspections issued by the Council\n   of the Inspectors General on Integrity and Efficiency.\n\n\n\n\nwww.oig.dhs.gov                              52                                     OIG-12-94\n\x0c                             OFFICE OF INSPECTOR GENERAL\n                                Department of Homeland Security\n\n\n   Appendix B\n   Recommendations\n   We recommend that the Director of the Secure Flight program:\n\n   Recommendation #1:\n\n   Identify how and when aircraft operators override an inhibited boarding pass printing\n   result and implement corrective action to eliminate unauthorized overrides by aircraft\n   operators.\n\n   Recommendation #2:\n\n   Ensure that aircraft operators prioritize Secure Flight passenger data appropriately and\n   receive an accurate, updated boarding pass printing result when aircraft operators\n   submit changes.\n\n   We recommend that the Director of the Secure Flight program, in coordination with the\n   Office of Security Operations Compliance Programs and Office of Global Strategies:\n\n   Recommendation #3:\n\n   Establish formal guidance that clearly defines Secure Flight program processes for\n   reporting aircraft operator compliance issues to the Office of Security Operations and\n   Office of Global Strategies.\n\n   We recommend that the Administrator of the Transportation Security Administration, in\n   coordination with the Secure Flight program:\n\n   Recommendation #4:\n\n   Develop a communication strategy to formalize coordination and collaboration with\n   Federal Government and private industry partners to ensure clarity when developing\n   and implementing new initiatives.\n\n\n\nwww.oig.dhs.gov                               53                                       OIG-12-94\n\x0c                   OFFICE OF INSPECTOR GENERAL\n                     Department of Homeland Security\n\n\n   Appendix C\n   Management Comments to the Draft Report\n\n\n\n\nwww.oig.dhs.gov                  54                    OIG-12-94\n\x0c                  OFFICE OF INSPECTOR GENERAL\n                   Department of Homeland Security\n\n\n\n\nwww.oig.dhs.gov                55                    OIG-12-94\n\x0c                  OFFICE OF INSPECTOR GENERAL\n                   Department of Homeland Security\n\n\n\n\nwww.oig.dhs.gov                56                    OIG-12-94\n\x0c                  OFFICE OF INSPECTOR GENERAL\n                   Department of Homeland Security\n\n\n\n\nwww.oig.dhs.gov                57                    OIG-12-94\n\x0c                  OFFICE OF INSPECTOR GENERAL\n                   Department of Homeland Security\n\n\n\n\nwww.oig.dhs.gov                58                    OIG-12-94\n\x0c                                  OFFICE OF INSPECTOR GENERAL\n                                      Department of Homeland Security\n\n\n   Appendix D\n   Secure Flight Passenger Prescreening Process\n\n\n\n\n   Source: Secure Flight Briefing, June 2011.\n\n\n\nwww.oig.dhs.gov                                   59                    OIG-12-94\n\x0c                          OFFICE OF INSPECTOR GENERAL\n                              Department of Homeland Security\n\n\n   Appendix E\n   Major Contributors to This Report\n   Marcia Moxey Hodges, Chief Inspector\n   McKay Smith, Senior Inspector\n   Katherine Yutzey, Senior Inspector\n   Amy Tomlinson, Inspector\n   Heidi Einsweiler, Inspector\n\n\n\n\nwww.oig.dhs.gov                           60                    OIG-12-94\n\x0c                            OFFICE OF INSPECTOR GENERAL\n                                Department of Homeland Security\n\n\n   Appendix F\n   Report Distribution\n   Department of Homeland Security\n\n   Secretary\n   Deputy Secretary\n   Chief of Staff\n   Deputy Chief of Staff\n   General Counsel\n   Executive Secretary\n   Director, GAO/OIG Liaison Office\n   Assistant Secretary for Office of Policy\n   Assistant Secretary for Office of Public Affairs\n   Assistant Secretary for Office of Legislative Affairs\n   Officer for Civil Rights & Civil Liberties\n   Chief Privacy Officer\n   Administrator, Transportation Security Administration\n   Commissioner, U.S. Customs and Border Protection\n   TSA Liaison\n   CBP GAO/OIG Liaison\n\n   U.S. Department of Justice\n\n   Director, Terrorist Screening Center\n   DOJ GAO/OIG Liaison\n\n   U.S. Department of Transportation\n\n   Administrator, Federal Aviation Administration\n   DOT GAO/OIG Liaison\n\n   Office of Management and Budget\n\n   Chief, Homeland Security Branch\n\nwww.oig.dhs.gov                              61                   OIG-12-94\n\x0c                           OFFICE OF INSPECTOR GENERAL\n                              Department of Homeland Security\n\n\n   DHS OIG Budget Examiner\n\n   Congress\n\n   Congressional Oversight and Appropriations Committees, as appropriate\n\n\n\n\nwww.oig.dhs.gov                            62                              OIG-12-94\n\x0cADDITIONAL INFORMATION AND COPIES\n\nTo obtain additional copies of this document, please call us at (202) 254-4100, fax your\nrequest to (202) 254-4305, or e-mail your request to our Office of Inspector General\n(OIG) Office of Public Affairs at: DHS-OIG.OfficePublicAffairs@dhs.gov.\n\nFor additional information, visit our website at: www.oig.dhs.gov, or follow us on Twitter\nat: @dhsoig.\n\nOIG HOTLINE\n\nTo expedite the reporting of alleged fraud, waste, abuse or mismanagement, or any\nother kinds of criminal or noncriminal misconduct relative to Department of Homeland\nSecurity (DHS) programs and operations, please visit our website at www.oig.dhs.gov\nand click on the red tab titled "Hotline" to report. You will be directed to complete and\nsubmit an automated DHS OIG Investigative Referral Submission Form. Submission\nthrough our website ensures that your complaint will be promptly received and\nreviewed by DHS OIG.\n\nShould you be unable to access our website, you may submit your complaint in writing\nto: DHS Office of Inspector General, Attention: Office of Investigations Hotline, 245\nMurray Drive, SW, Building 410/Mail Stop 2600, Washington, DC, 20528; or fax it\ndirectly to us at (202) 254-4297.\n\nThe OIG seeks to protect the identity of each writer and caller.\n\x0c'